I’ve seen several topics but haven’t quite found one that fits my use case, or one I can tweak to fit. I’m using Keycloak to enforce 2FA while using an LDAP server as the account-management backend. My goal is to create accounts in LDAP as necessary and let Keycloak handle the authentication.
Right now the browser flow works, except it doesn’t handle 2FA registration well. I simply want the user to be presented with the choice to register OTP or WebAuthn if they don’t already have one registered. This seems really difficult to accomplish via a flow. If so, why? I don’t want to constantly log in to Keycloak to manage OTP/WebAuthn registration or set flags. Is there a better way to require one of those two?