Keycloak中针对用户的多种身份验证方法 [英] Multiple authentication methods for a user in Keycloak
问题描述
我想让我的用户选择使用哪种身份验证方法.例如,可以为他们提供菜单以选择一个选项(用户名/密码,用户名/密码+ OTP等). 然后,Keycloak应该根据他们的选择为令牌分配特定范围.
I would like to let my users have a choice which authentication method to use. For example, they could be presented with a menu to pick an option (username/pass, username/pass+OTP, etc). Then, Keycloak should, based on their choice, assign specific scope to the token.
这可能与Keycloak(可能通过某种方式利用auth方法链接)有关吗?我在文档中找不到此内容,但对我来说似乎是一个合理的用例.
Is this possible to do with Keycloak (probably by somehow utilizing auth methods chaining) and how? I couldn’t find this in the documentation but it seems as a reasonable use-case to me.
推荐答案
这是我的解决方案:
循环的身份验证器是我提供了自定义实现的自定义身份验证器. 我使用了穿透机制,这意味着我第一个身份验证器实现了一种自定义形式:
Circled authenticators are custom ones for which I provided a custom implementation. I used the fall-through mechanism, which means I that first authenticator implements a custom form:
,它允许用户选择身份验证器并将用户的选择捕获到变量中.
以后,此变量在以下验证器中使用,以决定是进行验证还是将控制权传递给下一个验证器.
which lets the user choose authenticator and captures user's choice in a variable.
Later, this variable is used in the following authenticators to decide whether to do the authentication or to pass on control to the next authenticator.
您可以在以下页面中了解有关身份验证SPI的更多信息: https: //www.keycloak.org/docs/latest/server_development/index.html#_auth_spi
You can read more about Authentication SPI in the following page: https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi
此处,您将看到如何实现自定义身份验证器
And here you can see how to implement custom authenticator.
这篇关于Keycloak中针对用户的多种身份验证方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!