Require Keycloak custom login api using username and 6-digit PIN credential

Hi,

I need help/support on below custom requirement in Keycloak.

Requirement: 1. A user should be able to set a Password and a 6-digit PIN as credentials, and choose a preferred login method, the first time. Then the user should be able to log in/authenticate using Username + Password (OR) Username + PIN.

Also, for the PIN we need PIN policies like the password policy, for example PIN expiry, PIN reset and notification before PIN expiry, and forgot/reset PIN functionality.

REST API methods are also required for the PIN-related operations, so that they can be invoked.

Could you please help/support on how to achieve this functionality in Keycloak?
Please provide any custom code, if available.

Please provide detailed steps to proceed on this, as I checked that Username and PIN credential-based authentication is not available by default in the Keycloak tool.

Thank you,
Samarendra

You will need to implement several Keycloak SPIs, as a "PIN" credential is not a feature that Keycloak has out of the box. There is an example of a similar extension in the Server Developer documentation here: Server Developer Guide. This section has an extension for a "Secret question" credential, and walks through all of the SPIs you must implement.
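As an added illustration of the credential part of that SPI work (this is not code from the thread, from the Keycloak documentation or from the Keycloak project), the class below follows the shape of the "Secret question" `CredentialProvider` but stores the PIN hashed with the realm's password hash provider and enforces an expiry policy. It assumes the Keycloak 20+ API (`user.credentialManager()`), a hypothetical credential type id `pin`, a constant `PIN_MAX_AGE_DAYS` standing in for a realm attribute, and message-bundle keys that you would have to add yourself; a `CredentialProviderFactory`, an `Authenticator`/`AuthenticatorFactory` for the login form, and a `RealmResourceProvider` exposing `createPin` as the REST endpoint are still needed and are not shown. A 6-digit PIN has only one million values, so whatever authenticator consumes this provider must sit behind the realm's brute force detection and a lockout policy; the provider alone does not rate-limit.

```java
import org.keycloak.common.util.Time;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.CredentialTypeMetadata;
import org.keycloak.credential.CredentialTypeMetadataContext;
import org.keycloak.credential.hash.PasswordHashProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;

// Example only: a "pin" credential type that reuses Keycloak's password hashing.
// The PIN is never stored in clear; expiry is derived from the credential's createdDate.
public class PinCredentialProvider implements CredentialProvider<PasswordCredentialModel>, CredentialInputValidator {

    public static final String TYPE = "pin";        // hypothetical credential type id
    public static final int PIN_MAX_AGE_DAYS = 90;  // assumed expiry policy (would be a realm attribute)
    private static final long DAY_MS = 24L * 60 * 60 * 1000;

    private final KeycloakSession session;

    public PinCredentialProvider(KeycloakSession session) {
        this.session = session;
    }

    @Override
    public String getType() {
        return TYPE;
    }

    // Reject anything that is not exactly six ASCII digits before it is ever hashed.
    static boolean isWellFormed(String pin) {
        return pin != null && pin.matches("[0-9]{6}");
    }

    // Set or reset the PIN: hash it with the realm's password algorithm and store it under type "pin".
    public CredentialModel createPin(RealmModel realm, UserModel user, String rawPin) {
        if (!isWellFormed(rawPin)) {
            throw new IllegalArgumentException("PIN must be exactly 6 digits");
        }
        PasswordHashProvider hasher = session.getProvider(PasswordHashProvider.class,
                realm.getPasswordPolicy().getHashAlgorithm());
        PasswordCredentialModel model = hasher.encodedCredential(rawPin,
                realm.getPasswordPolicy().getHashIterations());
        model.setType(TYPE); // keep it distinct from the user's password credential
        return createCredential(realm, user, model);
    }

    @Override
    public CredentialModel createCredential(RealmModel realm, UserModel user, PasswordCredentialModel model) {
        if (model.getCreatedDate() == null) {
            model.setCreatedDate(Time.currentTimeMillis());
        }
        // Remove any previous PIN so a reset cannot leave the old value usable.
        user.credentialManager().getStoredCredentialsByTypeStream(TYPE)
                .forEach(old -> user.credentialManager().removeStoredCredentialById(old.getId()));
        return user.credentialManager().createStoredCredential(model);
    }

    @Override
    public boolean deleteCredential(RealmModel realm, UserModel user, String credentialId) {
        return user.credentialManager().removeStoredCredentialById(credentialId);
    }

    @Override
    public PasswordCredentialModel getCredentialFromModel(CredentialModel model) {
        return PasswordCredentialModel.createFromCredentialModel(model);
    }

    @Override
    public boolean supportsCredentialType(String credentialType) {
        return TYPE.equals(credentialType);
    }

    @Override
    public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
        return supportsCredentialType(credentialType)
                && user.credentialManager().getStoredCredentialsByTypeStream(TYPE).findAny().isPresent();
    }

    // Expiry policy: a PIN older than PIN_MAX_AGE_DAYS must not authenticate; the
    // authenticator can use this to trigger a "reset PIN" required action instead.
    public boolean isExpired(CredentialModel stored) {
        Long created = stored.getCreatedDate();
        return created == null || Time.currentTimeMillis() - created > PIN_MAX_AGE_DAYS * DAY_MS;
    }

    @Override
    public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
        if (!supportsCredentialType(input.getType()) || !isWellFormed(input.getChallengeResponse())) {
            return false;
        }
        return user.credentialManager().getStoredCredentialsByTypeStream(TYPE)
                .filter(stored -> !isExpired(stored))
                .anyMatch(stored -> {
                    PasswordCredentialModel pin = getCredentialFromModel(stored);
                    PasswordHashProvider hasher = session.getProvider(PasswordHashProvider.class,
                            pin.getPasswordCredentialData().getAlgorithm());
                    return hasher != null && hasher.verify(input.getChallengeResponse(), pin);
                });
    }

    @Override
    public CredentialTypeMetadata getCredentialTypeMetadata(CredentialTypeMetadataContext ctx) {
        return CredentialTypeMetadata.builder()
                .type(getType())
                .category(CredentialTypeMetadata.Category.BASIC_AUTHENTICATION)
                .displayName("pin-display-name") // message bundle keys, assumed
                .helpText("pin-help-text")
                .removeable(true)
                .build(session);
    }
}
```

Reusing `PasswordCredentialModel` and the realm's `PasswordHashProvider` is a deliberate choice: the PIN then inherits the realm's hash algorithm and iteration count instead of a hand-rolled scheme, and rotating the hashing policy covers PINs and passwords together. The "notification before expiry" part of the requirement can be built on `isExpired` by comparing `getCreatedDate()` against a shorter warning window in the authenticator or in a scheduled task.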

Are you sure you really want such a weak authentication (6 digits is much weaker than 6-character passwords, which are also extremely weak)?
Or do you actually want something more along the lines of OTP passwords, where the 6-digit code is generated either by an authentication app/device or sent by email/SMS/whatever, like e.g. GitHub and Google do?

Thank you for your reply. Once Username/PIN authentication is achieved, we will try to implement Multi-factor / 2nd-factor authentication with the PIN to make it a stronger authentication method.

Thank you,
Regards,
Samarendra

Thank you for your reply. I also need to develop a REST endpoint so that I can set/reset the PIN using a REST API call, and I also need to set a PIN expiration policy. Could you please advise and provide any guidelines to proceed on this?

Thank you,
Regards,
Samarendra

I would suggest that you do yourself a favor and just use the already available OTP password support, see Server Administration Guide and Server Administration Guide.