Keycloak and external hard token OTP provider

I’m starting to use keycloak and for now it works with the normal login workflows. I’m able to login users with username and password.

I need to use it also with hard tokens(OTP) for multi factor login is it possible to implement a workflow that requires first the normal username/password and then this external OTP provider?

As extra information this external OTP have a radius interface.

I’m not able to find any documentation regarding this. Anyone can guide me?

Thank you
Julio Carreira

You can achieve this today with a custom authenticator for the hard-token. However, there are quite a few limitations with regards to adding custom two factor mechanisms today, which we are working to resolve as part of introducing support for WebAuthN (see https://issues.jboss.org/browse/KEYCLOAK-7159 for more details).

Thank you for your reply Stianst,

I don’t know if I should open a new question, but i have a question related to this one.
If I only want to authenticate (once) against a Radius server is there already a module or I need to build my own?

Thank you again