New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce-MFA doesn’t work as expected when used in post login flow #112

Open

jirutka opened this issue Jul 26, 2024 · 1 comment

jirutka commented Jul 26, 2024

I’ve configured it exactly as described in the readme, but I use this authentication flow as the Identity Provider’s post login flow.

- MFA Wrapper Flow
-- MFA-Authenticate-subflow CONDITIONAL
--- Condition - user configured REQUIRED
--- OTP ALTERNATIVE
--- WebAuthn ALTERNATIVE

-- Register-MFA-subflow CONDITIONAL
--- Condition - user configured REQUIRED
--- Enforce-MFA REQUIRED

Even when the user has Passkeys enrolled, Keycloak always shows them the Enforce-MFA page with the selection of 2FA methods to configure.

The text was updated successfully, but these errors were encountered:

Collaborator

melegiul commented Jul 30, 2024

but I use this authentication flow as the Identity Provider’s post login flow.

Thanks for your report. Could you please explain what that means? Or even better provide the full authentication flow setup?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment