Weak and strong authentication
A bank provides several digital solutions to their customers. Depending on the URL, some of these services need to be protected by a second factor login, while others can be accessed by simply logging in using username and password. The timeout should vary per URL.
We implemented an extension for Keycloak to support both a weak (enter only username and password) as well as a strong (enter both username / password as well as the second factor) authentication mechanism.