850d3e7fef
When LDAP user federation is configured in read-only mode, it is not possible to set required actions for users from LDAP. Keycloak credential model allows for registering OTP devices when LDAP ist configured with "Import Users" flag enabled. Registering OTP devices needs to be done via the account management console and works as expecetd. However, it fails, if a user has to register aN OTP device during login (i.e. within the authentication flow), because the OTP Form Authenticator tries to enforce OTP registration via setting the corresponding required action for the user. That fails, because the user is read-only. To work around this, the required action is set on the authentication session instead. |
||
---|---|---|
.. | ||
base | ||
other | ||
pom.xml |