Support for Step-up
Depending on the sensitivity of the involved data of an application the requirements for the quality of authentication can be different. For accessing less sensitive information the user is only required to do a weak authentication. When requesting more sensitive data the user is forced to do a step-up authentication to a strong level by using a second factor.
We have implemented a solution based on Keycloak to support a step-up authentication within the service portal of a bank. As of July 2020 the ticket KEYCLOAK-847 for the step-up feature within Keycloak is still open.