Authenticator Config not applied correctly to multiple executions

[RomekCDPR]

Current Behavior

The following configuration is not applied to both executions (only to one):

authenticatorConfig:
  - alias: email 2FA config
    config:
      codeLength: 6
      codeLifetime: 15
authenticationFlows:
  - alias: CDP Browser - Email OTP
    description: Flow handling Email OTP
    providerId: basic-flow
    topLevel: false
    builtIn: false
    authenticationExecutions:
      - authenticator: email-two-factor
        authenticatorConfig: email 2FA config
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false
  - alias: CDP Registration - Email OTP
    description: Flow handling Email OTP
    providerId: basic-flow
    topLevel: false
    builtIn: false
    authenticationExecutions:
      - authenticator: email-two-factor
        authenticatorConfig: email 2FA config
        requirement: REQUIRED
        priority: 20
        userSetupAllowed: false

The configuration was correctly applied with 6.2.1-26.0.5 on Keycloak 26.0.8.

Expected Behavior

Authenticator Config is applied to both executions.

Steps To Reproduce

Environment

• Keycloak Version: 26.1.4
• keycloak-config-cli Version: 6.4.0-26.1.0

Anything else?

No response

[mbiti2]

@RomekCDPR, Thanks for raising the bug. We are currently investigating the issue.

[mbiti2]

@RomekCDPR, please check whether Keycloak has the authenticator or flow you are using in the yaml you provided, because if Keycloak does not have it, we will not be able to implement. We can only implement it with respect to the flows and authenticators available on Keycloak.

[RomekCDPR]

The email-two-factor is a custom authenticator we implemented in our project. Does it mean that custom authenticators are not supported by the tool?