sventorben / keycloak-home-idp-discovery

Keycloak: Home IdP Discovery - discover home identity provider or realm by email domain
MIT License

[Feature]: support of OTP as fallback authenticator #358

Open ArminRadmueller opened 5 months ago

ArminRadmueller commented 5 months ago

Is there an existing feature request for this?

Is your feature related to a problem? Please describe.

I would like to use the home-idp-discovery with our Keycloak and after watching the video I had set it up as described and encountered the same problem as described in https://github.com/sventorben/keycloak-home-idp-discovery/issues/285. In the documentation it's described correctly with the username/password form. I wanted to set up the home-idp-discovery with an OTP fallback instead of the password form, in other words passwordless.

Describe the solution you'd like

Would it be possible to adapt the implementation in https://github.com/sventorben/keycloak-home-idp-discovery/issues/251 so that the password form, or alternatively the OTP form only, works again?

I would like to describe my idea better: the user enters their e-mail address and is redirected to a linked identity provider. If it is only a local or LDAP account, the alternative authenticator (fallback) will be used, which would be the OTP in my scenario.

Describe alternatives you've considered

No response

Anything else?

No response

sventorben commented 5 months ago

Hello @ArminRadmueller,

Would it be possible to adapt the implementation in https://github.com/sventorben/keycloak-home-idp-discovery/issues/251 so that the password form, or alternatively the OTP form only, works again?

To make this work, I would need to set the user in the Keycloak context. But that would instantly lead to the security issue described in #251 again. So, I do not think I will be able to support this right now.

If you need passwordless authentication, why not use the WebAuthnPasswordlessAuthenticator that should not need the user to be set in the context?

ArminRadmueller commented 5 months ago

I will test it in the next few days, but it will be too big a step for our use case.