🔒 Keycloak 2FA Email Authenticator

Keycloak Authentication Provider implementation to get a two factor authentication with an OTP/code/token send via Email (through SMTP)

When logging in with this provider, you can send a verification code (otp) to the user's e-mail address. Tested with Keycloak version 19.x, if you are using different Keycloak version, don't forget to change the version in pom.xml file.

The Server Development part of the Keycloak reference documentation contains additional resources and examples for developing custom Keycloak extensions.

🚀 Deployment

Provider

mvn package will be create a jar file. copy keycloak-2fa-email-authenticator.jar to keycloak/providers/ directory.

if you are Dockerized keycloak then copy to /opt/jboss/keycloak/standalone/deployments/ directory.

Theme Resources

html/code-email.ftl is a html email template. Copy to themes/base/email/html/

text/code-email.ftl Copy to themes/base/email/text/

messages/*.properties Append to themes/base/email/messages/messages_en.properties

Configuration

Email Configuration

SMTP setting configure for e-mail send. Realm Settings/Email

Authentication Flow

Create new browser login authentication flow and add Email OTP flow before Username Password Form.