-
Bug
-
Resolution: Done
-
Major
-
RH-SSO-7.0.0.ER8
-
None
-
None
It seems to me that Conditional OTP form authenticator isn't used or the authenticator doesn't work well. The authenticator org.keycloak.authentication.authenticators.browser.ConditionalOtpFormAuthenticator should decide in following order:
1. it should check if user attribute is set, if so it decided whether to require OTP Form ("force") or skip the form ("skip")
2. analogically - role
3. request header
4. default configuration
5. no default is configured - require OTP
I have tried just user attribute and default config and it seems to me that the form behaves exactly the same as OTPFormAuthenticator (no conditions are taken to consideration)
I haven't test the remains conditions.
- blocks
-
RHSSO-122 Custom auth flows
- Closed