Releases: authsignal/authsignal-keycloak-provider
v2.2.2 🚀
Release Notes for v2.2.2
🚀 Features
- Device ID tracking support: The provider now automatically includes `deviceId` in track requests by reading the `__as_aid` cookie set by the Authsignal Web SDK. This enables device-based authentication rules such as new device detection in your Authsignal rules engine.
v2.2.1 🚀
Release Notes
Improvements
Enhanced MFA Flow User Experience
What's New: Improved handling of user-initiated MFA cancellations to provide a smoother authentication experience.
Changes:
- Optimized flow control when users exit the MFA challenge screen
Benefits:
- More intuitive authentication flow when users need to restart the login process
Technical Details
Files Modified:
app/src/main/java/com/authsignal/keycloak/AuthsignalAuthenticator.java
Authentication Flow Enhancements:
- Refined handling of `CHALLENGE_REQUIRED` state responses
- Implemented automatic flow reset for improved user experience
v2.2.0 🚀
Release v2.2.0
🎉 New Features
Keycloak Groups and Roles in Custom Data
This release automatically passes Keycloak user groups and roles to Authsignal, enabling more sophisticated authentication rules based on user permissions and group memberships.
What's included:
- `keycloakGroups` - User's group memberships
- `keycloakRoles` - User's realm-level roles
- `keycloakClientRoles` - User's client-level roles
Use Cases:
- Implement group-based access policies (e.g., require additional verification for "Admin" group)
- Apply different authentication rules based on user roles
- Create step-up authentication flows for privileged roles
- Build conditional MFA requirements based on permissions
Getting Started:
- Set up custom data points in your Authsignal portal for `keycloakGroups`, `keycloakRoles`, and `keycloakClientRoles`
- Create rules in Authsignal that reference these custom attributes
- Deploy the updated plugin - groups and roles will automatically be included in authentication requests
No code changes required on your end - this data is automatically sent with every authentication request.
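The following example is added here and is not the provider's code (the provider is written in Java). It shows how a track request body could carry `deviceId` from the `__as_aid` cookie (v2.2.2) together with the three Keycloak custom data points (v2.2.0); the `custom` field name, the array values, and the ID format check are assumptions.

```javascript
// Added example; not the provider's code. `__as_aid`, `deviceId` and the
// keycloak* keys are from the release notes. The `custom` field name, array
// values and the ID format check below are assumptions.
const DEVICE_COOKIE = "__as_aid";
const DEVICE_ID_RE = /^[A-Za-z0-9_-]{8,64}$/; // assumed: short opaque token

// Return the device ID from a raw Cookie header, or null if absent or invalid.
function extractDeviceId(cookieHeader) {
  if (typeof cookieHeader !== "string") return null;
  const values = [];
  for (const part of cookieHeader.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== DEVICE_COOKIE) continue;
    values.push(part.slice(eq + 1).trim());
  }
  // The cookie is client-controlled: conflicting duplicates mean no usable ID.
  if (values.length === 0 || new Set(values).size !== 1) return null;
  return DEVICE_ID_RE.test(values[0]) ? values[0] : null;
}

// Build a track request body for one login attempt.
function buildTrackBody(user, cookieHeader) {
  const body = {
    custom: {
      keycloakGroups: [...user.groups],
      keycloakRoles: [...user.realmRoles],
      keycloakClientRoles: [...user.clientRoles],
    },
  };
  const deviceId = extractDeviceId(cookieHeader);
  // Omit the field when unknown, so rules see "no device" rather than a
  // malformed value.
  if (deviceId !== null) body.deviceId = deviceId;
  return body;
}

// Constructed sample input.
const sampleUser = {
  groups: ["/Admin"],
  realmRoles: ["offline_access"],
  clientRoles: ["manage-account"],
};
const sampleCookies = "KC_RESTART=abc; __as_aid=3f1c9a7e-5b2d-4c11-9e0a-7d6f2b8c1a44";
console.log(JSON.stringify(buildTrackBody(sampleUser, sampleCookies), null, 2));
```

Because the cookie is set in the browser, `deviceId` is a risk signal for rules rather than proof of a known device.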
Full Changelog: v2.1.5...v2.1.6
v2.1.5 🚀
Changes in Release v2.1.5
- Allow federated sign-in @stevenclouston (#21)
Configuring Keycloak:
Navigate to Identity providers -> Your provider -> Settings -> Post login flow = Authsignal flow (or whatever you named it)
Full Changelog: v2.1.4...v2.1.5
v2.1.4-beta.1 🚀
Changes in Release v2.1.4-beta.1
- Brokered login session user support @stevenclouston (#19)
- Add release drafter @stevenclouston (#18)
Full Changelog: 2.1.3...v2.1.4
2.1.3
2.1.2
Security Enhancement
Authentication Flow Improvements
- Strengthened password verification step in multi-factor authentication flow
Technical Details
The authentication flow now properly sequences password validation before proceeding to MFA challenges, ensuring both factors are independently verified for maximum security.
2.1.1
Release Notes: Enhanced Passkey Autofill Functionality
This release introduces enhanced passkey autofill functionality for Keycloak, while maintaining backward compatibility with its standard Username Password Form. A new passkey-autofill parameter allows administrators to enable or disable this feature, offering flexibility for custom authentication flow configurations.
Key Features
1. Backward Compatibility
- When the `passkey-autofill` parameter is disabled and Keycloak's standard Username Password Form is used:
  - The authenticator follows the existing logic.
  - Username and password validation are handled by Keycloak's Username Password flow.
  - The authenticator performs an additional MFA check after the Username Password step.
2. Custom Login Flow with Passkey Autofill
- When the `passkey-autofill` parameter is enabled, and the Username Password Form step is removed:
  - The `authenticate` method renders a custom `login.ftl` form.
  - Upon form submission:
    - The `action` method validates the username and password.
    - It proceeds to perform MFA after successful validation.
  - If passkey autofill is used:
    - The user is logged in immediately upon successful passkey authentication.
Enabling Passkey Autofill
To enable passkey autofill, add the following files to your Keycloak theme directory (themes/mytheme/), where mytheme is the name of your theme:
- themes/mytheme/login/login.ftl
- themes/mytheme/resources/js/script.js
- themes/mytheme/resources/css/styles.css
Ensure the theme is enabled in your admin settings:
Realm settings -> Themes -> Login theme
Example: login.ftl
```html
<link rel="stylesheet" href="${url.resourcesPath}/css/styles.css">
<script src="${url.resourcesPath}/js/script.js"></script>
<div class="login-container">
  <div class="login-card">
    <div class="login-header">
      <p>Please enter your credentials to continue</p>
    </div>
    <form action="${url.loginAction}" method="post" class="login-form">
      <div class="form-group">
        <label for="username">Username</label>
        <input
          id="username"
          name="username"
          type="text"
          autocomplete="username webauthn"
          placeholder="Enter your username"
        />
      </div>
      <div class="form-group">
        <label for="password">Password</label>
        <input
          id="password"
          name="password"
          type="password"
          placeholder="Enter your password"
        />
      </div>
      <button type="submit">Sign In</button>
    </form>
  </div>
</div>
```
themes/mytheme/resources/js/script.js
```javascript
// Runs once the Authsignal SDK has loaded (see loadAuthsignalSdk below).
function setWebauthnAttribute() {
  var usernameInput = document.getElementById("username");
  var passwordInput = document.getElementById("password");
  const formElement = document.querySelector("form");

  if (usernameInput && passwordInput) {
    usernameInput.setAttribute("autocomplete", "username webauthn");

    // NOTE: Replace the following values with your Authsignal tenant ID and server URL
    var client = new window.authsignal.Authsignal({
      tenantId: "YOUR_TENANT_ID",
      baseUrl: "https://api.authsignal.com/v1",
    });

    // Start passkey autofill; on success, post the returned token with the login form.
    client.passkey
      .signIn({ autofill: true })
      .then((response) => {
        if (response) {
          const hiddenTokenInput = document.createElement("input");
          hiddenTokenInput.type = "hidden";
          hiddenTokenInput.name = "token"; // Ensure the name matches what the backend expects
          hiddenTokenInput.value = response.token;
          formElement.appendChild(hiddenTokenInput);
          formElement.submit();
        }
      })
      .catch((error) => {
        console.log("error", error);
      });
  }
}

// Load the Authsignal browser SDK, then call setWebauthnAttribute.
function loadAuthsignalSdk() {
  var script = document.createElement("script");
  script.onload = setWebauthnAttribute;
  script.src = "https://unpkg.com/@authsignal/browser@0.5.2/dist/index.min.js";
  document.head.appendChild(script);
}

loadAuthsignalSdk();
```
themes/mytheme/resources/css/styles.css
Style the elements according to your theme's requirements by adding your own CSS.
2.1.0
Release Notes for Version 2.1.0
Keycloak Integration Update
- Feature Added: Support for passkey autofill, enabling seamless and faster authentication experiences.
2.0.1
Release Notes: Version 2.0.1
- Enhanced error handling for smoother and more intuitive configuration setup.
