[keycloak-user] How to integrate 3rd-party 2FA with Keycloak

[Lukasz Lech]

Hello,

What would exactly mean 'extending existing OTPs'? Does it mean modifying Keycloak sources, or providing your own extension (via SPI)?

Keycloak-sms-authenticator-sns configured in the way described in README works really strange. It is always active, but Is not validating token unless you set SMS to REQUIRED etc. 
Is it a productive project or a kind of an abandoned experiment / research ?

Best regards,
Lukasz Lech


-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Lukasz Dywicki
Sent: Freitag, 14. Juni 2019 12:20
To: Hyunji Kim <hyunji.kim at broadcom.com>; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] How to integrate 3rd-party 2FA with Keycloak

Hey Hyunji,
In order to integrate additional OTP you have two ways:
1) extend existing OTPs (google, freeotp) and add your own
2) create own browser frow with your custom otp action

I believe the later one is easier as it can be done without modifying existing Keycloak sources.
A nice example with completely new Authenticator is available at github:
https://github.com/UKGovernmentBEIS/keycloak-sms-authenticator-sns

Best regards,
Łukasz
--
Code-House http://code-house.org

On 12.06.2019 23:58, Hyunji Kim wrote:
> Hello all,
> 
> is there any way to integrate a 3rd-party 2FA with Keycloak so that 
> the OTP code is validated by the 2FA outside Keycloak?
> 
> My team is using Authy for 2FA and I'm trying to figure out how to 
> integrate it with Keycloak.
> 
> Thank you,
> Hyunji
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user