[keycloak-user] programmatic authentication flow

Thomas Darimont thomas.darimont at googlemail.com
Mon Dec 19 12:34:07 EST 2016


Hello Steve,

Something similar to what you want is already available in Keycloak.
Look for the "Conditional OTP Form" in the "Create Authenticator Execution"
screen when you create a new Authenticator Execution.

The implementation can be found in the keycloak-services module:
org.keycloak.authentication.authenticators.browser.ConditionalOtpFormAuthenticator

Cheers,
Thomas

2016-12-14 14:06 GMT+01:00 Steve Favez <favez.steve at gmail.com>:

> Hi all,
>
> I'd like to implement the following use case. I need a Browser
> authentication flow that will add, after the User / Password Form
> Authenticator, a kind of "access rules" authenticator that will, according
> to some request parameters (for example, IP address or application),
> dynamically add a second factor authenticator to the flow (like OTP or
> SMS).
> Furthermore, I'd like to be able to provide a choice of 2FA systems to the
> end user (for example, we provide a set of second factors, and the end user
> can choose the one he'd like to use).
> So, if some "strong authentication" criteria are matched during the browser
> authentication process, after providing user and password, the user will get a
> form allowing him to choose the second factor system he'd like to use to
> authenticate.
> My goal is to be able to reuse existing authenticators. (So, not to write a
> big 2FA authenticator with all authenticators duplicated inside.)
>
> Thanks in advance for your valuable input
>
> Cheers
>
> St
>
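
The "access rules" decision described in this thread, sketched as an added example that is not part of either message and is not Keycloak code. It is a simplified Python model: `LoginRequest`, `POLICY`, the vote functions and all sample values are hypothetical. Rules are checked in order, the first decisive vote wins, and anything undecided falls back to requiring the second factor.

```python
import ipaddress
from dataclasses import dataclass

SKIP, FORCE = "skip", "force"

@dataclass(frozen=True)
class LoginRequest:
    """Constructed stand-in for what a flow step can see about a login."""
    remote_addr: str      # address of the TCP peer, not a client-supplied header
    client_id: str        # application the user is logging in to
    user_factors: tuple   # second factors this user has enrolled

# Hypothetical policy, values constructed for the example.
POLICY = {
    "sensitive_clients": {"payroll", "admin-console"},
    "trusted_networks": ["10.0.0.0/8", "192.168.10.0/24"],
    "default": FORCE,     # fail closed when no rule is decisive
}

def vote_client(req, policy):
    # Sensitive applications always require a second factor.
    return FORCE if req.client_id in policy["sensitive_clients"] else None

def vote_network(req, policy):
    try:
        addr = ipaddress.ip_address(req.remote_addr)
    except ValueError:
        return FORCE      # unparseable address: never treat it as trusted
    nets = (ipaddress.ip_network(n) for n in policy["trusted_networks"])
    return SKIP if any(addr in n for n in nets) else None

def decide(req, policy=POLICY):
    """Return (outcome, factors to offer the user)."""
    # Order matters: the client rule runs first so that a trusted
    # network cannot waive 2FA for a sensitive application.
    for vote in (vote_client, vote_network):
        outcome = vote(req, policy)
        if outcome is not None:
            break
    else:
        outcome = policy["default"]
    # On FORCE, the user picks among the factors already enrolled.
    return outcome, (req.user_factors if outcome == FORCE else ())

if __name__ == "__main__":
    print(decide(LoginRequest("10.1.2.3", "wiki", ("otp", "sms"))))
    print(decide(LoginRequest("10.1.2.3", "payroll", ("otp", "sms"))))
```
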

