Hi,
My Authentication Flow looks like below:
- Kerberos (Required)
- Flow1 (Conditional)
- Condition1 (Required) - Check custom parameter if user wants usr-pw-form [SPI]
- Execution1 (Required) - Username Password Form
- Flow2 (Conditional)
- Condition2 (Required) - Check if user is not allowed to log in [SPI]
- Execution2 (Required) - Deny Access
- Flow3 (Conditional)
- Condition3 (Required) - Check if user needs MFA [SPI]
- Execution3 (Required) - MFA [SPI]
What I expected is like below:
- Kerberos works fine
- Go to Flow1
- Test account doesn’t meet Condtion1 (=false)
- Go to Flow2
- Test account doesn’t meet Condtion2 (=false)
- Go to Flow3
- Test account meets Condition2 (=true)
- Do the execution 3 correctly > allow access
But what actually happens is that it starts to behave like below after step4:
- Check Condition1 again
- Check Condition2 again
- Throw “KC-SERVICES0013: Failed authentication: java.lang.NullPointerException” (because the executions1 and 3 do not send the custom parameter I sent in the beginning)
1. How can I make the Conditional Flow as I expect?
- I tried alternative too, but this isn’t the one I want.
- Why does it check the false conditions again?
2. How can I use the custom parameters again?
- I hard-coded the parameters in condition1 and 2 for the null case (step5~7)
- Then this goes 5, 6, then allows access
- I send like this “[KEYCLOAK]/…/auth?param1=a¶m2=b&…”
- How can I make the executions to send the param1 and param2 as well?