[keycloak-user] Fwd: User Activation

Stian Thorgersen stian at redhat.com
Wed Mar 25 10:13:29 EDT 2015 


----- Original Message -----
> From: "Nils Preusker" <n.preusker at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Sent: Wednesday, 25 March, 2015 3:04:59 PM
> Subject: Re: [keycloak-user] User Activation
> 
> Hey Stian,
> 
> thanks for your reply! That works, however we have a couple of issues with
> the suggested flow:
> 
> * if I'm not mistaken the e-mail template is the same one that is used for
> the "forgot password" link, this is not ideal in our case because it would
> be the first e-mail (first contact) that new users in our system would
> get...

I agree that's less than ideal, but it's how it works atm as it's just a way for an admin to initiate the reset password flow. Create a JIRA and we can fix it when/if we get time.

> * when I follow the flow that you suggested I always get redirected to the
> account page (/auth/realms/{realm}/account) after creating a password and I
> wasn't able to figure out why (I would have expected to be redirected to
> the default redirect URL, so to my application)

It doesn't know what app to use as you're initiating this flow from the admin console. If it's done by clicking reset password during login it's done as part of the login flow from your app so it knows what app to redirect to. 

One option would be to provide an option in the admin console to select where to redirect the user to. However, it can't login the user as part of the flow as the app is required to check the state variable, which it can't as it didn't initiate the flow.

> Cheers!
> Nils
> 
> 
> 
> 
> On Wed, Mar 25, 2015 at 9:49 AM, Stian Thorgersen < stian at redhat.com > wrote:
> 
> 
> Create a user in admin account, set the users email, click on credentials and
> there's an option to send a password reset email.
> 
> ----- Original Message -----
> > From: "Nils Preusker" < n.preusker at gmail.com >
> > To: keycloak-user at lists.jboss.org
> > Sent: Wednesday, 25 March, 2015 9:43:32 AM
> > Subject: [keycloak-user] User Activation
> > 
> > Hi,
> > 
> > I'm wondering whether there is a way to set up user activation so that
> > 
> > * we create a new user via the admin API
> > * the account has no credentials (password) and is inactive
> > * the user receives an e-mail when the account is created
> > * when the user logs in for the first time (following a link in the
> > e-mail),
> > he is prompted to set up his password and the account is activated
> > 
> > So far I have only been able to get this to work with an initial "default"
> > password followed by a prompt to re-set it. I also didn't find a way to
> > notify a user of the new account via e-mail. Am I missing something?
> > 
> > Cheers,
> > Nils
> > 
> > 
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list