Weak and strong authentication
Use Case
A bank provides several digital solutions to its customers. Depending on the URL, some of these services need to be protected by a second-factor login, while others can be accessed by logging in with only a username and password. The timeout should also vary per URL.
Solution
We implemented an extension for Keycloak that supports both a weak authentication mechanism (username and password only) and a strong one (username and password plus the second factor).
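
The per-URL decision described in the use case, as an added example that is not the Keycloak extension's code: each URL prefix carries a required authentication level and its own timeout. The rule table, paths, timeouts and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

WEAK, STRONG = 1, 2  # password only / password plus second factor

@dataclass(frozen=True)
class Policy:
    prefix: str   # URL path prefix the rule covers
    level: int    # minimum authentication level required
    max_age: int  # seconds an authentication stays valid for this prefix

# Constructed sample rules; paths and timeouts are illustrative assumptions.
POLICIES = [
    Policy("/", WEAK, 1800),
    Policy("/accounts", WEAK, 900),
    Policy("/payments", STRONG, 300),
]

def policy_for(url):
    """Pick the rule with the longest matching path prefix (whole segments only)."""
    path = urlsplit(url).path or "/"
    def matches(p):
        base = p.prefix.rstrip("/")
        return path == base or path.startswith(base + "/")
    return max((p for p in POLICIES if matches(p)), key=lambda p: len(p.prefix))

def decide(url, session, now):
    """Return 'allow', 'login' or 'step_up' for a request.

    session maps an authentication level to the epoch second at which the
    user last completed it, e.g. {WEAK: 1000, STRONG: 1200}; empty if anonymous.
    """
    policy = policy_for(url)
    # A strong login also satisfies a weak requirement.
    fresh = any(
        lvl >= policy.level and now - ts <= policy.max_age
        for lvl, ts in session.items()
    )
    if fresh:
        return "allow"
    # Password still within this URL's timeout: only the second factor is missing.
    weak_ts = session.get(WEAK)
    if policy.level == STRONG and weak_ts is not None and now - weak_ts <= policy.max_age:
        return "step_up"
    return "login"
```

Match against the path the application actually routes on (after decoding and dot-segment removal); a variant spelling that misses its prefix falls through to the weaker default rule.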