This provider allows you to use privacyIDEA's 2FA with Keycloak.
We added a detailed how-to in our blog.
In that blog entry you can find an example with Keycloak, privacyIDEA and Drupal.
- Check our latest releases
- Download the assets privacyIDEA.jar and privacyIDEA.ftl
- Move the packed jar file into your deployment directory standalone/deployment.
- Move the template privacyIDEA.ftl to themes/base/login.
Now you can enable the execution for your auth flow.
If you set the execution to 'required', every user needs to log in with a second factor.
The configuration options are explained below.
| Configuration | Explanation |
|---|---|
| URL | The URL of your privacyIDEA server, which must be reachable from the Keycloak server |
| Realm | The realm in which the users are located. Leave empty to use the privacyIDEA default realm |
| Verify SSL | Choose whether Keycloak should verify the SSL certificate of the privacyIDEA server. Please do not uncheck this in a production environment! |
| Enable trigger challenge | Select whether trigger challenge is enabled |
| Service account | The username of your service account, used to trigger challenges, enroll tokens or check whether push tokens are confirmed. Please make sure that the service account has the correct rights. |
| Service account password | The password of your service account |
| Exclude groups | Groups whose users are excluded from 2FA |
| Enable token enrollment | If the current user does not have a token yet, one can be enrolled. The service account has to be set up |
| Token type | Select the token type for the token enrollment |
| Refresh interval for push tokens | Choose your custom interval in seconds to check whether the push token is confirmed. This can be a comma-separated list if you want the interval to change |
- If the WildFly server is running, the authenticator can be deployed directly with `mvn clean install wildfly:deploy`; only the template has to be copied.
- Otherwise build with `mvn clean install` and continue with Installation.