Thu Jan 28 17:30:55 EST 2021

This item has been posted to,,

Keycloak new MFA mechanism activation

01/28/21 Thursday @ 5:00 PM EST - 01/28/21 @ 6:00PM EST

Group Responsible:
GS (General Services)

Affected Area:
External services utilizing Keycloak SDCC MFA realm (ex, Jupyterhub, Federated Login via InCommon)

Expected User Impact:
In the unlikely case TOTP tokens are created during this window they will be invalidated and require re-generation once the downtime is over.

Maintenance Type:
Transparent with minor impact stated above

Submitted By:
Masood Zaran,
Mizuki Karasawa,

Migration of MFA TOTP flow from Keycloak to PrivacyIDEA. Migration of existing TOTP tokens into IPA as well.