Hi,
When I use KeyCloak for authentication (Implicit Flow ) I receive a valid token with ACR=1
But when we are doing a pen test from a whitelisted server they receive a not valid token.
with ACR=0. Else the token is similar.
So my question is, is the different ACR values the reason for not proper authentication has been done?
And if so what can be the reason for the acr = 0 ?