[keycloak-user] Forgot password flow + TOTP
Bill Burke
bburke at redhat.com
Mon Nov 16 09:10:16 EST 2015
You have total control of forgot password flow. Go to
Authentication->Flows. See the reset-credentials flow. You can build
your own flow to get the behavior you want.
On 11/16/2015 5:50 AM, Johan Heylen wrote:
> Hello,
>
> we currently have a keycloak server setup with both TOTP and the forget
> password (reset-credential) flow active.
>
> When we organize a update password action for a user through the admin
> panel, he gets an email with a link, and after choosing a new password,
> the user has to enter the TOTP in the login screens before actually
> being logged in.
>
> When the user himself organizes a forget password on the login screen,
> he gets an email with a link, and after choosing a new password, the
> user DOES NOT have to enter the TOTP in the login screens before
> actually being logged in.
>
> We want both actions to be the same, or at least always want the TOTP be
> entered in logging in.
>
> Can this last part be changed, either through a configuration setting or
> creating a whole new reset credential flow within the current Keycloak
> version (1.6.0) or do I need a JIRA ticket for a feature request?
>
> Tnx,
>
> Johan Heylen
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list