[keycloak-user] another small enhancement request for MSAD password mapper

mj lists at merit.unu.edu
Thu Jan 26 05:08:04 EST 2017


Hi Marek,

On 01/24/2017 11:47 AM, Marek Posolda wrote:
> Can you doublecheck this scenario on your side? Are you using latest
> Keycloak master?

So I double checked. We are using 2.5.0, NOT latest master, but it does 
NOT work:

As soon as I check "user must change password on next logon", the MSAD 
attribute pwdLastSet changes to 0. (that is correct, confirmed with an ldif)

However, keycloak tells me: invalid username or password. Removing the 
checkbox sets pwdLastSet to -1, and the logon succeeds again.

Searching through jira, I don't see an explanation for the difference in 
behaviour between 2.5.0 and 2.5.1. If I can find some time, I'll try 
installing 2.5.1, to see if it works there...

MJ


More information about the keycloak-user mailing list