How to Allow user to select authenticators


Anshul Khare

Jul 20, 2021, 8:23:19 AM
to Keycloak User
I've built a few custom authenticators (SPI) and now I am trying to construct an authentication flow where the user can select the authentication mechanism.

I am wondering what's the best way to achieve this, where the user's selected authenticator is processed and at any time (before completing the authentication) the user should be able to go back to the list of authenticators to make their selection again (not 'Reset flow', because that would take the user to the beginning of the authentication flow).

Haven't really found anything yet. Any clue would be much appreciated.

Regards,
Anshul

Ulli Nowen

Jul 20, 2021, 10:55:10 AM
to Keycloak User
By users, were you referring to Admin users?

Anshul Khare

Jul 21, 2021, 1:15:47 AM
to Keycloak User
No, not an admin user.

A normal user who logs in and goes through an authentication flow configured by the admin.

The desired outcome is: when this normal user logs in, he/she is presented with a list of available authentication mechanisms, and based on the selection the further authentication flow is decided.

For example:

1. On the login page, the user is asked for their mobile (a custom mobile validation authenticator SPI).
2. On the subsequent screen the user sees two options: SMS OTP (another custom authenticator SPI) and Push Notification (yet another custom authenticator SPI).
3. On selecting the SMS OTP option, the SMS OTP authenticator kicks in, where the user is asked to enter the OTP. Along with the submit button, there's another button which allows the user to go back to step 2 and re-select. (Resetting the flow will send the user back to step 1, which is not desired.)
4. If the user selects the second option (Push Notification authenticator SPI), then the subsequent screens are shown as per the Push notification SPI implementation.

I hope this clarifies what exactly I am trying to achieve when I say "Giving user an option to select the authentication mechanism".

Uday Sarnaik

Jul 27, 2021, 7:28:59 AM
to Keycloak User
You should be able to achieve this by submitting a form on that button and letting the authenticator decide which FTL view to present to the user based on what button the user clicked (either submit OTP or Go to previous page). In this case, if the user chooses "Go to Previous page", the SPI should render the authenticator selection page. This should not restart the whole login flow for the user.
Hope this helps..
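
The approach described in the reply above, sketched as an added example (not code from the thread or from Keycloak itself): one authenticator reads which button was posted and renders either the selection page or the OTP page, keeping the choice in the authentication session instead of trusting the client. The class name, template names (`select-method.ftl`, `sms-otp.ftl`), form field names, auth-note keys and the `invalidOtp` message key are assumptions; only the SMS option is shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.sessions.AuthenticationSessionModel;

// Hypothetical authenticator that owns both the selection page and the SMS OTP page.
public class SelectableOtpAuthenticator implements Authenticator {
    private static final String METHOD = "selected-method"; // auth-note keys (assumed names)
    private static final String OTP = "expected-otp";
    @Override public void authenticate(AuthenticationFlowContext ctx) { showSelection(ctx); }
    @Override public void action(AuthenticationFlowContext ctx) {
        AuthenticationSessionModel s = ctx.getAuthenticationSession();
        if ("back".equals(param(ctx, "action"))) { showSelection(ctx); return; }
        if (s.getAuthNote(METHOD) == null) { // request came from the selection page
            if (!"sms".equals(param(ctx, "method"))) { showSelection(ctx); return; }
            s.setAuthNote(METHOD, "sms");
            s.setAuthNote(OTP, String.format("%06d", new SecureRandom().nextInt(1_000_000)));
            // Deliver the code through the site's SMS gateway here (not part of this example).
            ctx.challenge(ctx.form().createForm("sms-otp.ftl"));
            return;
        }
        String submitted = param(ctx, "otp"), expected = s.getAuthNote(OTP);
        boolean ok = submitted != null && expected != null && MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
        s.removeAuthNote(METHOD); // each issued code gets exactly one guess
        s.removeAuthNote(OTP);
        if (ok) { ctx.success(); return; }
        ctx.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
                ctx.form().setError("invalidOtp").createForm("select-method.ftl"));
    }
    private void showSelection(AuthenticationFlowContext ctx) {
        // Clear server-side state so a pending code cannot be redeemed after going back.
        ctx.getAuthenticationSession().removeAuthNote(METHOD);
        ctx.getAuthenticationSession().removeAuthNote(OTP);
        ctx.challenge(ctx.form().createForm("select-method.ftl"));
    }
    private static String param(AuthenticationFlowContext ctx, String name) {
        return ctx.getHttpRequest().getDecodedFormParameters().getFirst(name);
    }
    @Override public boolean requiresUser() { return true; } // assumes step 1 set the user
    @Override public boolean configuredFor(KeycloakSession k, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession k, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Because the "back" branch and the failed-guess branch both clear the auth notes, returning to the selection page always invalidates the outstanding code without restarting the flow at the mobile-number step.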

Vaibhav Shelar

Aug 23, 2021, 11:38:47 AM
to Keycloak User
Hi,

I'm looking for OTP (as an SMS) based authentication. Can I get the way to do this, as you have implemented this?
