Keycloak中针对用户的多种身份验证方法 [英] Multiple authentication methods for a user in Keycloak

问题描述

我想让我的用户选择使用哪种身份验证方法.例如，可以为他们提供菜单以选择一个选项(用户名/密码，用户名/密码+ OTP等). 然后，Keycloak应该根据他们的选择为令牌分配特定范围.

I would like to let my users have a choice which authentication method to use. For example, they could be presented with a menu to pick an option (username/pass, username/pass+OTP, etc). Then, Keycloak should, based on their choice, assign specific scope to the token.

这可能与Keycloak(可能通过某种方式利用auth方法链接)有关吗?我在文档中找不到此内容，但对我来说似乎是一个合理的用例.

Is this possible to do with Keycloak (probably by somehow utilizing auth methods chaining) and how? I couldn’t find this in the documentation but it seems as a reasonable use-case to me.

推荐答案

这是我的解决方案:

循环的身份验证器是我提供了自定义实现的自定义身份验证器. 我使用了穿透机制，这意味着我第一个身份验证器实现了一种自定义形式:

Circled authenticators are custom ones for which I provided a custom implementation. I used the fall-through mechanism, which means I that first authenticator implements a custom form:

，它允许用户选择身份验证器并将用户的选择捕获到变量中. 以后，此变量在以下验证器中使用，以决定是进行验证还是将控制权传递给下一个验证器.

which lets the user choose authenticator and captures user's choice in a variable. Later, this variable is used in the following authenticators to decide whether to do the authentication or to pass on control to the next authenticator.

您可以在以下页面中了解有关身份验证SPI的更多信息: https: //www.keycloak.org/docs/latest/server_development/index.html#_auth_spi

You can read more about Authentication SPI in the following page: https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi

此处，您将看到如何实现自定义身份验证器

And here you can see how to implement custom authenticator.

这篇关于Keycloak中针对用户的多种身份验证方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！