How To Access Keycloak APIs Using Two-Factor Authentication Two-Factor Authentication is the very strong and recommended security control. In my previous post I have described how to configure Two-factor authentication in Keycloak. The short (but important) post describes how to access Keycloak APIs using Two-Factor Authentication. Access Keycloak APIs Using User Name and Password Let’s first access Keycloak APIs Using User Name and Password. According to the Keycloak documentation, you first need to obtain an access token.
My presentation at OWASP Appsec IL 2018 The video is published here. Passwords are passé. WebAuthn is simpler, stronger and ready to go from Michael Furman
Disabling Two-Factor Authentication The post describes how to disable Two-Factor Authentication in Keycloak. Disabling Two-Factor Authentication for a specific user In my previous post I have described how to configure Two-Factor Authentication. But what should you do when your user lost a mobile device? What should you do when your user uninstalled the Google Authenticator by mistake? You need to disable Two-Factor Authentication for the user. Configuration Open Keycloak admin page, open Users, open the user and go to the Credentials tab.
Keycloak Two-Factor Authentication The post describes how to configure Two-factor authentication in Keycloak What is Two-Factor Authentication? According to wikipedia: Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by utilizing a combination of two different factors: Something they know Something they have or something they are Keycloak Two-Factor Authentication Keycloak authenticates users using: Password An one-time password (OTP) A one-time password generated by Google Authenticator or FreeOTP