[keycloak-user] Get old password in custom update-password required action
Dominik Guhr
pinguwien at gmail.com
Mon Jun 4 08:46:10 EDT 2018
Hi everyone,
I need help with the following custom authentication flow:
1a. user logs in via a custom username/pw form authenticator. Success
case: he gets logged in, backendwise into a third-party system via a
REST call. User is created in keycloak. => works!
1b. user logs in, but thirdparty system returns a flag that user has to
change his password. For this, I created a required action which just
uses the "normal" update_password required action, but in its
processAction method calls the thirdparty system. => Doesn'T really
work, because:
one requirement of the thirdparty-API for updating the pw of a user to a
new one is, there has to be the old password in the request json, syntax:
{
username: "...",
passwordNew: "...",
passwordOld: "..."
}
Now I am struggling a little to get the old password in my required
action-form, which, as of now, is the login-update-password.ftl as can
be found here:
https://github.com/keycloak/keycloak/blob/master/themes/src/main/resources/theme/base/login/login-update-password.ftl
It seems there already is a hidden field for the current password, but
this has no value.
So this seemed not to work, and now I am thinking to create my own form
and set it for the required action. Therefor I have one problem (so far):
The code I use now for creating the update pw-form which is the "normal"
kc-form looks like this:
@Override
public void requiredActionChallenge(RequiredActionContext context) {
Response challenge = context.form()
.setAttribute("username",
context.getAuthenticationSession().getAuthenticatedUser().getUsername())
.createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
context.challenge(challenge);
}
Now I want to use my own form, containing another form element where
user has to put in his old pw. So, what do I need to change here?
I saw the secretactionrequiredaction at github, which uses
createForm("...ftl"), but not the setAttribute and/or createResponse -
so, one question is: is createForm... enough to get my own form loaded
at the required action? (aside from putting a custom ftl in the theme I use)
Would be great to get some hints here!
Thanks in advance,
Dominik
dominik.guhr at codecentric.de
More information about the keycloak-user
mailing list