issue with keycloak password reset confirmation page
by Sheng Hong Pan
Hello,
We are using the forgot password feature in Keycloak. After resetting the password, it does not show the account updated confirmation page (see below). Instead, it logs the user into the application. I'm wondering if anyone has a solution or suggestion for it.
[image: account updated confirmation page]
Steps to reproduce:
1. Request password reset via Forgot Password on login page
2. Copy/Paste reset password link into the same browser window where the request is submitted
3. Type in new password and submit
Thanks.
-Sheng
6 years, 7 months
LDAP with SAML Identity provider
by priti guleria
Hi Team,
I am trying to use LDAP as SAML 2.0 Identity provider.
Can someone please guide me what should be the value of Single Sign-On
Service URL?
If you can provide some example it will be very helpful.
Regards,
Priti
6 years, 7 months
keycloak security proxy client roles constraints
by Pierre Nowak
Hello,
I am not able to set URL constraints based on client roles.
If I use realm roles it works.
If you have a role "user" in realms and a "user" role in a client
"client_test",
how do you call the client_test "user" role? I tried "client_test/user"
but it doesn't work.
If I delete the "user" realm role it doesn't work either :/
"roles-allowed": [
"user"
]
6 years, 7 months
Writing new way to login
by triton oidc
Hi,
In my current scenario, I wish to write a new way for users to log in.
I saw an example that seems pretty simple to start with:
PassThroughAuthenticator. The user is hardcoded in the class and it already
implements Authenticator and AuthenticatorFactory.
I've been trying to use this example in my Keycloak.
Looking at the configuration XML, I saw some lines containing spi,
as mentioned in the doc
<https://www.keycloak.org/docs/3.3/server_development/topics/providers.html>
I guess I need to put the PROVIDER_ID ("testsuite-dummy-passthrough" in my
example)
somewhere in the XML, then it will appear in the UI in Authentication /
flow / execution / Provider.
I tried this, but it's not showing in the UI after a restart:
<spi name="dummy-login">
<default-provider>testsuite-dummy-passthrough</default-provider>
<provider name="default" enabled="true"/>
</spi>
1) Am I looking in the right direction for filling in the XML, or did I miss
any step?
2) Am I looking in the correct menu in the UI?
Thanks for any help.
I'll keep trying in the meantime.
Amaury
6 years, 7 months
Realms and LDAP
by Pedro Pedro
Hi
When creating a new realm in Keycloak I would like to create a new objectclass=organizationalUnit in LDAP,
so this will be dedicated to storing the users for the newly created realm.
Is that possible to achieve with Keycloak?
Regards.
6 years, 7 months
Fwd: Keycloak + NoSQL
by Pulkit Srivastava
Thanks for the reply.
One more question.
Can we integrate Keycloak with Amazon Dynamo DB using User Storage SPI?
Thanks,
Pulkit
On Wed, May 16, 2018 at 7:51 PM, Meissa M'baye Sakho <msakho(a)redhat.com>
wrote:
> NoSQL is not supported out of the box.
> You'll have to implement a User Storage SPI if you want to use it.
>
> Meissa
>
> 2018-05-16 11:04 GMT+02:00 Pulkit Srivastava <pulkitsrivastavajd(a)gmail.com
> >:
>
>> How can we integrate Keycloak with a NoSQL db to store user credentials and
>> user authentication details?
>>
>> Thanks,
>> Pulkit
6 years, 7 months
Fetch QR Code - TOTP REST API
by Ankur Singhal
Hi All,
I have my own login page and wish to integrate it with Keycloak OTP
functionality.
I am looking for a REST API for the flows below.
1.) User enters username/password and logs in.
2.) If the *CONFIGURE_OTP* action is configured, the REST API returns the QR
Code (image/secret).
3.) User scans and submits the OTP.
4.) Subsequent logins just ask for the OTP if no action is configured.
Thanks
Ankur
6 years, 7 months
Password Reset Email - Security Risk
by Vinay
Hi,
When using the password reset function an email is sent to the user in order to
change the password. There is no limitation in the number of password change
requests a user can make, and a malicious user could generate a number of
requests and hence as many emails to the victim's email inbox. This is a
potential security risk.
Is there a way to stop this?
-Vinay
6 years, 7 months
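One way to bound the mail volume described in the post above, as an added example that is not part of the original message and not Keycloak code: a throttle that caps reset e-mails per recipient (hourly cap plus a cooldown) and reset requests per source address. The class name, limits and sample requests are assumptions made for illustration; the requester should see the same response whether or not a mail is sent, so the throttle does not reveal which accounts exist.

```python
from collections import defaultdict, deque


class ResetMailThrottle:
    """Hypothetical helper: decides whether a password-reset mail is sent."""

    def __init__(self, per_recipient=3, per_source=10, window=3600.0, cooldown=60.0):
        self.per_recipient = per_recipient   # mails per recipient per window
        self.per_source = per_source         # requests per source per window
        self.window = window                 # sliding window, seconds
        self.cooldown = cooldown             # minimum gap between two mails
        self.events = defaultdict(deque)     # (kind, key) -> timestamps

    def _recent(self, kind, key, now):
        q = self.events[(kind, key)]
        while q and now - q[0] >= self.window:   # forget entries outside the window
            q.popleft()
        return q

    def allow(self, email, source_ip, now):
        """Return True if a reset mail may be sent for this request."""
        # Normalise the address so case or padding cannot bypass the cap.
        rcpt = self._recent("rcpt", email.strip().lower(), now)
        src = self._recent("src", source_ip, now)
        if len(src) >= self.per_source:          # one client, many targets
            return False
        src.append(now)
        if len(rcpt) >= self.per_recipient:      # many clients, one inbox
            return False
        if rcpt and now - rcpt[-1] < self.cooldown:
            return False
        rcpt.append(now)                         # only sent mails count here
        return True


# Constructed sample: (seconds, e-mail as typed, source address)
SAMPLE = [
    (0, "victim@example.org", "203.0.113.5"),
    (10, "Victim@Example.org ", "203.0.113.5"),   # inside the cooldown
    (100, "victim@example.org", "203.0.113.5"),
    (200, "victim@example.org", "198.51.100.7"),  # other source, same inbox
    (300, "victim@example.org", "198.51.100.8"),  # hourly cap reached
    (3700, "victim@example.org", "203.0.113.5"),  # window has slid
]


def replay(requests, throttle=None):
    """Feed constructed requests through a throttle; returns the decisions."""
    throttle = throttle or ResetMailThrottle()
    return [throttle.allow(email, ip, t) for t, email, ip in requests]
```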
forgot password redirect
by Matthew Broadhead
If a user clicks forgot password and enters their email address they are
sent a password reset email. However, this password reset email doesn't
contain a redirect_uri to help them get back to the webapp. Shouldn't
this be autodetected by Keycloak? Because they must already be in the
context of a particular webapp? Do I need to change a setting somewhere?
6 years, 7 months