[keycloak-user] Adding 2FA with SMS

Lukasz Lech l.lech at ringler.ch
Fri Jun 14 06:07:02 EDT 2019


Hello,

I'm analysing the requirement for adding 2FA with SMS to keycloak.

There is a ready project https://github.com/UKGovernmentBEIS/keycloak-sms-authenticator-sns and to activate this, you need to modify the authentication browser flow.
This looks quite cheaply made. First, the SMS is always sent, but validated only if you set SMS validation to REQUIRED; second, you give your mobile number, and if it is wrong, you must call support to change that for you.

The correct way would be to make it analogous to TOTP. A separate screen where you give your mobile number, and then give the validation code, and only then your mobile phone will be saved.

Could you please give me a hint whether adding a second 2FA this way could be done via plug-in, that is, by writing provider(s), changing themes and editing flows in administration, or whether it would require some changes to keycloak core code?

Were there any attempts at writing alternative 2FA plugins working in a similar way to how TOTP is working now?

Best regards,
Lukasz Lech
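
The enrolment flow proposed in the message above (collect the number, send a code, save the number only once the code is confirmed), sketched as an added example that is not part of the original post and is not Keycloak or keycloak-sms-authenticator-sns code. It models the logic in plain Python rather than Keycloak's provider API; `SmsEnrollment`, `send_sms`, the code lifetime and the attempt limit are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per pending enrolment (assumed value)


class SmsEnrollment:
    """Keeps a phone number pending until its SMS code has been confirmed."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms  # callable(number, code); hypothetical SMS gateway
        self.clock = clock
        self.pending = {}         # user -> [number, code, expires, attempts_left]
        self.verified = {}        # user -> number (stands in for the saved user attribute)

    def start(self, user, number):
        """Step 1: the user submits a number. Nothing is persisted yet."""
        code = f"{secrets.randbelow(10**6):06d}".encode()
        # Re-submitting replaces the pending entry, so a typo is fixed without support.
        self.pending[user] = [number, code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(number, code.decode())

    def confirm(self, user, submitted):
        """Step 2: persist the number only if the submitted code matches."""
        entry = self.pending.get(user)
        if entry is None:
            return "no_pending"
        number, code, expires, _ = entry
        if self.clock() > expires:
            del self.pending[user]
            return "expired"
        if not hmac.compare_digest(submitted.encode(), code):
            entry[3] -= 1
            if entry[3] <= 0:
                del self.pending[user]  # too many misses: a fresh code is required
                return "locked"
            return "wrong_code"
        self.verified[user] = number    # only now does the number become the 2FA device
        del self.pending[user]
        return "ok"

    def sms_required_at_login(self, user):
        """Send and validate an SMS at login only for users with a verified number."""
        return user in self.verified
```
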


