[keycloak-user] Forgot Password Error with Our own UserStorageProvider

Deepu Laghuvaram deepu.laghuvaram at gmail.com
Thu Jan 12 16:46:18 EST 2017 

I am using my own DB2UserStorageProvider and my Login and Registration are
working as expected but forgot password is not working as expected (When I
remove User Federation then Forgot Password is working as expected).

I am having the flow for Reset Credential as
Choose User         REQUIRED
Send Reset Email    REQUIRED
Reset Password      REQUIRED

I used an existing user in my DB2 database, with which I am able to login
and when I try that user to reset password, I am not receiving any email
and below are the logs

14:40:31,755 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-14) action: reset-credentials-choose-user
14:40:32,908 INFO  [DB2UserStorageProvider] (default task-14) Inside
getUserByUsername: testmail at gmail.com
14:40:32,914 INFO  [DB2UserStorageProvider] (default task-14) Entity.ID =
9bcff1bd-2ac9-4e63-b113-7061bd3f0278
14:40:32,914 INFO  [DB2UserStorageProvider] (default task-14)
Entity.setUsername = 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-14) authenticator SUCCESS: reset-credentials-choose-user
14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-14) processFlow
14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-14) check execution: reset-credential-email requirement:
REQUIRED
14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-14) authenticator: reset-credential-email
14:40:32,949 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(default task-14) JtaTransactionWrapper  commit
14:40:32,957 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
(default task-13) AUTHENTICATE
14:40:32,957 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
(default task-13) AUTHENTICATE ONLY
14:40:33,008 INFO  [DB2UserStorageProvider] (default task-13) getUserById:
f:c3f5f5ce-6954-4e2f-82e7-1055df749be9:9bcff1bd-2ac9-4e63-b113-7061bd3f0278
14:40:33,008 INFO  [DB2UserStorageProvider] (default task-13) entity.getID:
9bcff1bd-2ac9-4e63-b113-7061bd3f0278
14:40:33,008 INFO  [DB2UserStorageProvider] (default task-13) Entity.ID =
9bcff1bd-2ac9-4e63-b113-7061bd3f0278
14:40:33,008 INFO  [DB2UserStorageProvider] (default task-13)
Entity.setUsername = 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) processFlow
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) check execution: reset-credentials-choose-user
requirement: REQUIRED
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) execution is processed
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) check execution: reset-credential-email requirement:
REQUIRED
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) authenticator: reset-credential-email
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) invoke authenticator.authenticate
*14:40:33,030 WARN  [org.keycloak.events] (default task-13)
type=RESET_PASSWORD_ERROR, realmId=TestRealm, clientId=TestClient,
userId=f:c3f5f5ce-6954-4e2f-82e7-1055df749be9:9bcff1bd-2ac9-4e63-b113-7061bd3f0278,
ipAddress=127.0.0.1, error=invalid_email, auth_method=openid-connect,
auth_type=code, redirect_uri=http://localhost:8090/account/account.jsp
<http://localhost:8090/account/account.jsp>,
code_id=857a3ff7-837f-4e8d-8b4d-dabd8b38a89e, username=testmail at gmail.com
<testmail at gmail.com>*
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) reset browser login from authenticator:
reset-credential-email
14:40:33,030 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
(default task-13) AUTHENTICATE
14:40:33,030 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
(default task-13) AUTHENTICATE ONLY
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) processFlow
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) check execution: auth-cookie requirement: ALTERNATIVE
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) authenticator: auth-cookie
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) invoke authenticator.authenticate
14:40:33,030 DEBUG [org.keycloak.services.managers.AuthenticationManager]
(default task-13) Could not find cookie: KEYCLOAK_IDENTITY
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) authenticator ATTEMPTED: auth-cookie
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) check execution: auth-spnego requirement: DISABLED
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) execution is processed
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) check execution: identity-provider-redirector
requirement: ALTERNATIVE
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) authenticator: identity-provider-redirector
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) invoke authenticator.authenticate
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) authenticator ATTEMPTED: identity-provider-redirector
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) check execution: null requirement: ALTERNATIVE
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) execution is flow
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) processFlow
14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) check execution: auth-username-password-form requirement:
REQUIRED
14:40:33,031 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) authenticator: auth-username-password-form
14:40:33,031 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
(default task-13) invoke authenticator.authenticate


It looks like the user is not in context, I am not sure why the user is not
in context as both getUserByUsername and getUserById are successful and
even it says "authenticator SUCCESS: reset-credentials-choose-user".
Could you please help me with this issue, I am using Keycloak 2.3.0 Final.

Thanks,
Deepu

More information about the keycloak-user mailing list