This is forked from https://github.com/lukaszbudnik/keycloak-ip-authenticator
This is a simple Keycloak Java Authenticator that checks whether the user is coming from a trusted network. If the user is coming from a trusted network, the MFA step is skipped. If the user is coming from a non-trusted network, the MFA step is forced.
The authenticator has to be used together with the Conditional OTP Form component.
Build your own jar file or deploy keycloak-ip-authenticator.jar into the /opt/keycloak/providers/ folder.
To build the project execute the following command:

    mvn package
    cp target/keycloak-ip-authenticator.jar /opt/keycloak/providers/

Run Keycloak in dev mode:

    start-dev

- add step IP Authenticator in your flow
- set alias name, for example ip-whitelist
- set CIDR, for example 192.168.1.0/24
- set alias name, for example ip-whitelist
- set OTP control User Attribute: ip_based_otp_conditional
- set Fallback OTP handling: skip
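
The trusted-network decision described above, sketched as a standalone Java program. This is an added example, not the authenticator's own source: the class and method names are hypothetical, and it assumes the skip/force values that Conditional OTP Form reads from its OTP control user attribute.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;

// Added example (hypothetical names), not code from the keycloak-ip-authenticator project.
public class TrustedNetworkCheck {
    // Assumed values for the attribute named in "OTP control User Attribute".
    static final String SKIP = "skip";
    static final String FORCE = "force";

    // Reject anything not shaped like an IP literal before handing it to
    // InetAddress, which would otherwise try to resolve hostnames.
    static byte[] parseLiteral(String s) throws UnknownHostException {
        boolean v4 = s.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        boolean v6 = s.contains(":") && s.matches("[0-9a-fA-F:.]+");
        if (!v4 && !v6) throw new UnknownHostException(s);
        return InetAddress.getByName(s).getAddress();
    }

    // True when addr lies inside cidr (e.g. "192.168.1.0/24"); handles IPv4 and IPv6.
    static boolean inCidr(String addr, String cidr) throws UnknownHostException {
        String[] parts = cidr.trim().split("/");
        if (parts.length != 2) throw new IllegalArgumentException("not a CIDR: " + cidr);
        byte[] net = parseLiteral(parts[0]);
        byte[] ip = parseLiteral(addr);
        int prefix = Integer.parseInt(parts[1]);
        if (prefix < 0 || prefix > net.length * 8) throw new IllegalArgumentException("bad prefix");
        if (ip.length != net.length) return false;      // address family mismatch
        for (int bit = 0; bit < prefix; bit++) {        // compare the network bits only
            int mask = 0x80 >> (bit % 8);
            if ((ip[bit / 8] & mask) != (net[bit / 8] & mask)) return false;
        }
        return true;
    }

    // Fail closed: a malformed address or CIDR, or no match, forces MFA.
    static String otpDecision(String remoteAddr, List<String> trustedCidrs) {
        try {
            for (String cidr : trustedCidrs)
                if (inCidr(remoteAddr, cidr)) return SKIP;
        } catch (UnknownHostException | RuntimeException e) {
            // treat the network as untrusted
        }
        return FORCE;
    }

    public static void main(String[] args) {
        List<String> trusted = List.of("192.168.1.0/24");   // CIDR from the setup steps
        for (String ip : new String[] {"192.168.1.42", "192.168.2.7", "2001:db8::1", "not-an-ip"})
            System.out.println(ip + " -> " + otpDecision(ip, trusted));   // constructed sample addresses
    }
}
```

Behind a reverse proxy, the address Keycloak sees is derived from forwarding headers, so the decision is only as trustworthy as the proxy configuration that sets them.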