[keycloak-user] Credential Reset question | secondary email address

mj lists at merit.unu.edu
Wed Aug 9 06:01:34 EDT 2017


Hi,

We configured a writeable federated ldap (AD) provider. Needs to be 
writeable, because we use the keycloak password change function.

Now, in case a user doesn't remember his password, we can use the 
"Credential Reset" function, which sends a password reset email to the 
LDAP email address.

However, since the user doesn't remember his password, he will not be 
able to access the reset email... Chicken and egg situation...

So we can change the email address in keycloak temporarily, but that 
will also change the email in AD LDAP (since it's writeable) which 
causes many problems in other ldap-connected applications.

So: Is there a way to send the password reset email to a 'secondary' 
email address? Perhaps an address we can manually enter at the moment a 
user requests the password reset (using a popup?), or is there a 
secondary password field for a user in keycloak? (perhaps importable 
from ldap, as we keep secondary emails there as well)

Best regards,
MJ

