[keycloak-user] Authentication Flow Changes in 5.0?

Craig Setera craig at baseventure.com
Sun Mar 31 15:08:45 EDT 2019 

I previously created a new action token/set initial password authentication
flow for Keycloak.  I know that this was working previously, but for some
reason appears to have stopped working now.  The only thing I can think
that has changed was upgrading Keycloak from the 4.8.3 version to the 5.0.0
version.  In my code, I'm creating and registering a new
AuthenticationFlowModel instance.

    private AuthenticationFlowModel getInitialPasswordFlow(RealmModel
> realm) {
>         AuthenticationFlowModel flow = realm.getFlowByAlias(FLOW_ALIAS);
>         if (flow == null) {
>             flow = new AuthenticationFlowModel();
>             flow.setAlias(FLOW_ALIAS);
>             flow.setBuiltIn(true);
>             flow.setDescription("Set Initial Password");
>             flow.setProviderId(AuthenticationFlow.BASIC_FLOW);
>             flow.setTopLevel(true);
>             realm.addAuthenticationFlow(flow);
>         }
>
>         return flow;
>     }
>

Which is called as part of my handleToken implementation:

    public Response handleToken(
>         UserInvitationActionToken token,
>         ActionTokenContext<UserInvitationActionToken> tokenContext)
>     {
>         return tokenContext.processFlow(
>             false,
>             "set-initial-password",
>             getInitialPasswordFlow(tokenContext.getRealm()),
>             null,
>             new
> UserInvitationAuthenticationProcessor(token.getRedirectURI()));
>     }
>

However, it does not seem that the password flow is ever executed.  It
seems to jump right to authenticationComplete:

         * @see
> org.keycloak.authentication.AuthenticationProcessor#authenticationComplete()
>          */
>         @Override
>         protected Response authenticationComplete() {
>
> authenticationSession.setAuthNote(UserInvitationConstants.SET_INITIAL_PASSWORD_AUTH_NOTE,
> "true");
>
>             if (redirectURI != null) {
>                 authenticationSession.setRedirectUri(redirectURI);
>             }
>
>             return super.authenticationComplete();
>         }
>

Were there changes between 4.8.3 and 5.0.0 that would impact the
authentication flow functionality?  If so, can someone point me to the
changes as well as any information I might need to know in order to fix up
my implementation to make it work again?

Thanks so much,
Craig

=================================
*Craig Setera*

*Chief Technology Officer*

More information about the keycloak-user mailing list