With Keycloak 26.4.0, the Browser - Conditional OTP" flow was changed to "Browser - Conditional 2FA" flow which now allows to use WebAuthn and Recovery Tokens as a second factor.
The update documentation, however, states:
Previously the default browser flow had a Browser - Conditional OTP conditional sub-flow that enabled One-Time Password (OTP) as a 2nd Factor Authentication (2FA). Starting with this version, the sub-flow is renamed to Browser - Conditional 2FA, the OTP Form is Alternative, and includes two more 2FA methods: WebAuthn Authenticator and Recovery Authentication Code Form. Both new executions are Disabled by default, but they can be set to Alternative to include them into the flow.
Upgraded realms will not be changed. The updated flow will only be available for new realms. [emphasis added] Take this change into consideration if you have automated the realm creation.
Since all the configuration and users exist in that realm, how would I now change this flow and get this update? Or is the only solution to start with a new realm and add all existing users there again?
