Keycloak 2FA Email Authentication Plugin to add Email-based 2FA support to Keycloak.
Plugin uses the default SMTP provider that you can set in Realm Settings -> Email
.
Tested with Keycloak <= v18.0.0
.
For demo purposes only. Use at your own risk.
Inspired by Keycloak 2FA SMS Authenticator
-
build JAR file
./gradlew shadowJar
You can find the
.jar
inbuild/libs
. -
copy files into Keycloak
cp build/libs/keycloak-email-authenticator-1.0-SNAPSHOT-all.jar /opt/keycloak/providers/
cp src/main/resources/theme-resources/templates/login-email.ftl /opt/jboss/keycloak/themes/base/login/
-
add message texts e.g. like this
cat src/main/resources/theme-resources/messages/messages_en.properties >> /opt/jboss/keycloak/themes/base/login/messages/messages_en.properties
-
setup new authentication flow in Keycloak
Authentication -> Flows
and update bindings inAuthentication -> Bindings
-
optional: configure plugin settings like
Email Subject
,Code Length
,TTL
, ...