Step-Up authentication combined with RequiredAction maxAuthAge

Hi,

Now that we have implemented step-up authentication (thanks for your help in Step-up Authentication max age and token lifespan), we have a new problem with reauthentication for required actions.

Before step-up authentication was implemented:
We extended UpdatePassword exactly like dasniko did in his video https://www.youtube.com/watch?v=0JcYlNUiBsA. With the default browser flow from Keycloak, the user then has to reauthenticate using his password and OTP (if configured).

With step-up authentication we changed the browser flow: OTP is only checked if a specific LoA (let's say 2) is required. Now, when the user wants to update his password, the ConditionalLoaAuthenticator for LoA 2 skips the OTP.

How can we tell Keycloak to also ask for OTP if the user wants to update his password (or invokes another required action with maxAuthAge=0)?

Thanks :slight_smile: