Go to file
Giuliano Mele 4d3dcb6379
Remove unused JSON dependency
2023-11-29 13:56:26 +01:00
.github Fix github release action 2023-03-06 10:57:15 +01:00
.vscode Add vscode tabs format settings 2022-07-04 09:21:33 +02:00
dev Add embedded keycloak spring boot devserver (#60) 2023-03-06 09:06:45 +01:00
sms-authenticator Remove unused JSON dependency 2023-11-29 13:56:26 +01:00
.editorconfig initial commit 2020-10-07 23:18:12 +02:00
.gitignore Add embedded keycloak spring boot devserver (#60) 2023-03-06 09:06:45 +01:00
CHANGELOG.md Bump v0.2.0 2022-07-15 09:30:39 +02:00
LICENSE Fix LICENSE headers & indentation 2022-06-26 10:20:52 +02:00
README.md README: prepare for MFA plugins 2023-03-03 09:42:17 +01:00
keycloak-2fa-sms-authenticator.ipr Add embedded keycloak spring boot devserver (#60) 2023-03-06 09:06:45 +01:00
keycloak-2fa-sms-authenticator.iws Add embedded keycloak spring boot devserver (#60) 2023-03-06 09:06:45 +01:00
pom.xml Remove unused JSON dependency 2023-11-29 13:56:26 +01:00

README.md

Keycloak MFA Plugin collection

This repository contains the source code for a collection of Keycloak MFA plugins. The plugins are:

  • SMS authenticator (production ready)
  • Force MFA & Selection dialog (work in progress)
  • Native App MFA integration (work in progress)

The different plugins are documented below.

Keycloak 2FA SMS Authenticator

Keycloak Authentication Provider implementation to get a 2nd-factor authentication with a OTP/code/token send via SMS with a configurable HTTPS API. It should be possible to interact with most SMS providers. Issues and pull requests to support more SMS providers are welcome.

This is a fork of a great demo implementation by @dasniko, and also takes huge chunks of code from the original authenticator provider documentation and example from Keycloak itself.

License

The code of this project is Apache 2.0 licensed. Parts of the original code are MIT licensed.

Building

  1. Clone this repository
  2. Install Apache Maven
  3. Change into the cloned directory and run
    mvn package
    
    A file target/netzbegruenung.keycloak-2fa-sms-authenticator.jar should be created.

Installing

  1. Go to https://github.com/netzbegruenung/keycloak-2fa-sms-authenticator/releases and download the latest .jar file.
  2. Copy the created jar file into the providers directory of your Keycloak:
    cp netzbegruenung.keycloak-2fa-sms-authenticator.jar /path/to/keycloak/providers
    
  3. Run the build command and restart Keycloak:
    /path/to/keycloak/bin/kc.sh build [your-additional-flags]
    systemctl restart keycloak.service
    

Usage

  1. Add a new execution to the 2FA flow of your Browser flow, choose "SMS Authentication (2FA)".
  2. Make sure that you name it "sms-2fa". This is currently a hack that will hopefully be fixed. Additional executions with other names can be added. But this first execution will be used for the confirmation SMS when setting up a new phone number.
  3. Go into the config of the execution and configure the plugin so that it works with the API of your SMS proivder.