37 lines
1.3 KiB
HCL
37 lines
1.3 KiB
HCL
resource "keycloak_authentication_flow" "webauthn_browser" {
|
|
realm_id = keycloak_realm.dev.id
|
|
alias = "webauthn_browser"
|
|
description = "browser based authentication"
|
|
}
|
|
|
|
resource "keycloak_authentication_execution" "auth_cookie" {
|
|
realm_id = keycloak_realm.dev.id
|
|
parent_flow_alias = keycloak_authentication_flow.webauthn_browser.alias
|
|
authenticator = "auth-cookie"
|
|
requirement = "ALTERNATIVE"
|
|
}
|
|
|
|
resource "keycloak_authentication_subflow" "webauthn_flow" {
|
|
realm_id = keycloak_realm.dev.id
|
|
alias = "webauthn browser forms"
|
|
description = "Username, password, otp and other auth forms."
|
|
parent_flow_alias = keycloak_authentication_flow.webauthn_browser.alias
|
|
provider_id = "basic-flow"
|
|
requirement = "ALTERNATIVE"
|
|
depends_on = [ keycloak_authentication_execution.auth_cookie ]
|
|
}
|
|
|
|
resource "keycloak_authentication_execution" "user_pass" {
|
|
realm_id = keycloak_realm.dev.id
|
|
parent_flow_alias = keycloak_authentication_subflow.webauthn_flow.alias
|
|
authenticator = "auth-username-password-form"
|
|
requirement = "REQUIRED"
|
|
}
|
|
|
|
resource "keycloak_authentication_execution" "webauthn" {
|
|
realm_id = keycloak_realm.dev.id
|
|
parent_flow_alias = keycloak_authentication_subflow.webauthn_flow.alias
|
|
authenticator = "webauthn-authenticator"
|
|
requirement = "REQUIRED"
|
|
}
|
|
|