[keycloak-user] Issues with Keycloak and AD

Marek Posolda mposolda at redhat.com
Fri Apr 21 07:57:25 EDT 2017


I will try to reproduce that. What's your MSAD version btv?

Thanks,
Marek

On 20/04/17 23:55, Charles Hardin wrote:
> Hello All,
>
> I have setup an instance of Keycloak 3 and connected it to AD. It is setup
> to sync users and is writeable edit mode. I also have Pasword Policy Hints
> enabled in the MSAD Account Controls mapper. I have user registration
> turned on in Keycloak.
>
> When I register a user in keycloak, it creates the user in a disabled state
> in AD, and prompts the user in keycloak to change the password they just
> set during account creation to activate the account. This then fails
> because AD is currently configured to enforce a minimum password age of one
> day.
>
> I am ok with the account being created disabled, but how do I get around
> the immediate 2nd password request?
>
> Thanks,
>
> Chuck
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list