Attention: The current version of the plugin works only with Keycloak, starting from version 23.0.1.
Authentication execution plugin for Keycloak that adds MultiFactor to the authentication flow. The component uses the Keycloak Service Provider Interface (SPI) to show the user a MultiFactor iframe upon completion of primary authentication.
Modify keycloak.version in pom.xml to match your specific Keycloak version (currently, version 22.0.1 is used), then build the component:
$ mvn clean install
$ cp <keycloak dir>/target/keycloak-multifactor-spi-jar-with-dependencies.jar <keycloak dir>/providers
# run kc.bat build or kc.sh build from <keycloak dir>/bin
# restart keycloak
- In the MultiFactor administration console, add a new "Website" resource. Use the JwtHS256 access token format;
- In Keycloak "Realm Settings" -> "Security Defenses" -> "Content-Security-Policy", add MultiFactor as a trusted frame-able source: frame-src https://*.multifactor.ru/ 'self';
- In Keycloak "Authentication" -> "Flow", select "Browser" and click "Action->Duplicate";
- In Keycloak "Authentication" -> "Flow", select "Copy of browser", click "Add step" on "Copy of browser forms" and select Multifactor (Attention: "Multifactor" must be after "Username Password Form");
- Press "Settings" for "Multifactor" and enter the following values:
  - API key: value from step 1;
  - API secret: value from step 1;
  - API URL: https://api.multifactor.ru.
- Select REQUIRED under the Requirement column for "Multifactor". Save your configuration;
- In your Keycloak client's settings, in the "Advanced" -> "Authentication Flow Overrides" section, bind your "Copy of browser" to the Browser Flow. Alternatively, you can bind the new flow globally: in "Authentication" -> "Flow", select "Copy of browser" and click "Action->Bind flow".
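To confirm that the Content-Security-Policy step took effect, the header the realm returns can be checked offline. The following is an added example, not part of the plugin: the function names, the two sample policies, the frame URL and the page origin are all constructed, and path and port matching are left out.

```python
from urllib.parse import urlsplit

# Constructed sample policies; only the frame-src value in WITH_MFA is taken from the steps above.
BEFORE = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
WITH_MFA = "frame-src https://*.multifactor.ru/ 'self'; frame-ancestors 'self'; object-src 'none';"

def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def host_matches(pattern, host):
    """'*.example.com' covers subdomains only, never the bare domain."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def frame_allowed(header, frame_url, page_origin):
    """True if a page at page_origin may load frame_url in an iframe under this policy."""
    policy = parse_csp(header)
    # Browsers fall back frame-src -> child-src -> default-src.
    governing = next((d for d in ("frame-src", "child-src", "default-src") if d in policy), None)
    if governing is None:
        return True  # nothing restricts framing
    target = urlsplit(frame_url)
    for src in policy[governing]:
        if src == "'self'":
            if f"{target.scheme}://{target.netloc}" == page_origin:
                return True
        elif src.startswith("'"):
            continue  # 'none' and other keywords allow no host
        elif src == "*":
            return True
        elif src.endswith(":"):  # scheme-source such as "https:"
            if src[:-1].lower() == target.scheme:
                return True
        else:  # host-source; a schemeless one inherits the page's scheme
            scheme = urlsplit(page_origin).scheme
            s = urlsplit(src if "://" in src else f"{scheme}://{src}")
            if s.scheme == target.scheme and host_matches(s.hostname or "", target.hostname or ""):
                return True
    return False
```

With the unmodified policy the MultiFactor iframe is blocked; with the `frame-src` value from the steps it loads, while the bare `multifactor.ru` domain and plain `http` remain blocked.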