Open ArminRadmueller opened 5 months ago
Hello @ArminRadmueller,
Would it be possible to adapt the implementation in https://github.com/sventorben/keycloak-home-idp-discovery/issues/251 so that password form or alternatively OTP form only works again?
To make this work, I would need to set the user in the Keycloak context. But that would instantly lead to the security issue described in #251 again. So, I do not think I will be able to support this right now.
If you need passwordless authentication, why not use the WebAuthnPasswordlessAuthenticator that should not need the user to be set in the context?
I will test it in the next few days, but it will be too big a step for our use case.
Is there an existing feature request for this?
Is your feature related to a problem? Please describe.
I would like to use the home-idp-discovery with our Keycloak and after watching the video I had set it up as described and encountered the same problem as described in https://github.com/sventorben/keycloak-home-idp-discovery/issues/285. In the documentation it's described correctly with username/password form. I wanted to set up the home-idp-discovery with an OTP fallback instead of the password-form, in other words passwordless.
Describe the solution you'd like
Would it be possible to adapt the implementation in https://github.com/sventorben/keycloak-home-idp-discovery/issues/251 so that password form or alternatively OTP form only works again?
I would like to describe my idea better: User inserts his e-mail address and is redirected to a linked identity provider. If it is only a local or LDAP account, the alternative authenticator (fallback) will be used, which would be the OTP in my scenario.
Describe alternatives you've considered
No response
Anything else?
No response