[keycloak-user] email to reset password falied - keycloak 2.5.0

Michael Mok moktc at hotmail.com
Sat Feb 11 21:47:04 EST 2017 

Was trying to send this via my other email but did not reach the mailing list. trying again with my other email.


Hi All

Need help trying to allow the user to update their password. The use case

1) Login to admin
2) Select a user, goto credential and select Update Password as reset again and sent email
3) User received email and click on the link (within the minute)

4) Keycloak complains with error We are sorry - an  error occurred please login again.

Setup
Keycloak 2.5.1 Final
Apache 2.4 - SSL enabled
Mod proxy ajp
OS ubuntu 14.04


Keycloak standalone.xml ajp config

           <server name="default-server">
                <ajp-listener name="mmemoeListener" socket-binding="ajp" redirect-socket="proxy-https" scheme="https" />
                <http-listener name="default" socket-binding="http" redirect-socket="https"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <filter-ref name="proxy-peer"/>
                    <filter-ref name="server-header"/>
                    <filter-ref name="x-powered-by-header"/>
                </host>
            </server>
            <servlet-container name="default">
                <jsp-config/>
                <websockets/>
            </servlet-container>
            <handlers>
                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
            </handlers>
            <filters>
<filter name="proxy-peer" class-name="io.undertow.server.handlers.ProxyPeerAddressHandler" module="io.undertow.core" />
                <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
                <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
            </filters>

Apache 2 http conf
                ProxyRequests Off
ProxyPreserveHost On
SSLProxyEngine On

<Proxy *>
    RequestHeader set X-Forwarded-Proto "https"
    Require all granted
</Proxy>

#Keycloak requirements
LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\ " common
ProxyPass /auth ajp://localhost:8009/auth


Link received in the Update Your Account email

https://demo.mmemoe.com/auth/realms/mmemoeDemo/login-actions/execute-actions?key=M5QehaYrsNyxEFC66hDSudzxWXoeimIMH5Sp9Lvbqhs.5b219018-98ad-4f39-a021-bda421809bcc

Apache log
[11/Feb/2017:01:37:06 +0000] "GET /auth/realms/mmemoeDemo/login-actions/execute-actions?key=M5QehaYrsNyxEFC66hDSudzxWXoeimIMH5Sp9Lvbqhs.5b219018-98ad-4f39-a021-bda421809bcc HTTP/1.1" 500 2441

Keycloak log
01:37:06,091 WARN  [org.keycloak.events] (default task-1) type=EXECUTE_ACTIONS_ERROR, realmId=2e6cf05c-62bc-4b12-8db2-4a85053225f7, clientId=null, userId=null, ipAddress=110.143.116.121, error=invalid_code


Thanks.

More information about the keycloak-user mailing list