I am exploring Keycloak and I want to build an application based on the user's mobile number, where an SMS OTP should go to the user for authentication. I am not finding this anywhere.
Keycloak has a number of policies you can set up for your FreeOTP or Google Authenticator One-Time Password generator. Click on the Authentication left menu item and go to the OTP Policy tab. Any policies you set here will be used to validate one-time passwords.
Limitations in Keycloak: When prompted for two factor the user should be prompted with the default authenticator, but should have an option to switch to any of the authenticators configured for their account. Keycloak also does not currently deal well with enabling custom two factor authenticators to be added.
Keycloak SMS Provider: With this provider you can enforce authentication policies based on a verification token sent to users' mobile phones. Currently, there are implementations of Twilio and TotalVoice SMS sender services.
Run Keycloak with the custom authentication provider. Create a new realm dynamic-otp-test. Go to Authentication -> Flows -> Select Browser. Add execution: Conditional OTP Form. Mark the Conditional OTP Form as required. Register OTP device. import org.keycloak.authentication.AuthenticationFlowContext; import org.keycloak.models.RoleModel;
That’s IMHO the most logical reason for not shipping an SMS-based 2FA authenticator. But as Keycloak is built up on SPIs and the “Authentication SPI” is one of the most powerful extension points, it’s not that hard to implement a 2FA process flow yourself.
With the way Keycloak has implemented TOTP this distinction becomes a little more blurry. HOTP requires a database update every time the server wants to increment the counter. This can be a performance drain on the authentication server when there is heavy load. So, to provide a more efficient alternative, TOTP does not remember passwords used.
It is possible through extending the Authentication mechanism; check the Authentication SPI documentation.
Take a look at an existing solution: https://github.com/nickpack/keycloak-sms-authenticator-sns Even if it doesn't suit your needs you can take the source code as a reference point.