I can reproduce this, please open a JIRA.
On Mon, Jun 5, 2017 at 10:59 AM, Gregoire Jeanmart <
Gregoire.Jeanmart(a)ai-london.com> wrote:
Hello Marek,
Thank you for your response. I don't know if it's an environment issue.
I've actually tried on many browsers, 2 versions of Keycloak (2.4 and 3.1)
installed on a Linux CentOS and Windows Server OS, even a fresh install and
I still getting the issue.
Please find below the steps to reproduce the bug:
1. Update a user by adding "Update Password" as Required User Actions
2. Login with this user (in my case "test123"). When you click on submit,
Keycloak should redirect to the Change Password screen
3. I enter the new password (twice) and click on submit
As you can see on the screenshot, the browser (both GoogleChrome or
Firefox latest version) try to store "This is not a login form"
I found this in the Keycloak source code: [
login/login-update-password.ftl ]
<form id="kc-passwd-update-form"
action="${url.loginAction}" method="post">
<input type="text" readonly value="this is not a login
style="display: none;">
<input type="password" readonly value="this is not a login
form" style="display: none;">
<div class="${properties.kcFormGroupClass!}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="password-new" class="${properties.
<div class="${properties.kcInputWrapperClass!}">
<input type="password" id="password-new"
name="password-new" class="${properties.kcInputClass!}" autofocus
autocomplete="off" />
It looks like this code is interpreted by the browser and is being store
in the Password vault.
I will considerer your suggestion and raise a JIRA issue.
Best regards,
Gregoire Jeanmart
-----Original Message-----
From: Marek Posolda [mailto:mposolda@redhat.com]
Sent: 05 June 2017 08:58
To: Gregoire Jeanmart <Gregoire.Jeanmart(a)ai-london.com>;
Subject: Re: [keycloak-user] Browser tries to store the username "This is
not a login form" after updating a temporary password
This seem like the environment specific issue. I never saw this.
It seems that it happens under some special circumstances (eg. specific
browser with some specific browser plugins enabled etc). Feel free to
create JIRA if you manage to figure some more details how to reproduce it.
On 05/06/17 09:33, Gregoire Jeanmart wrote:
> Hello,
> Sorry for chasing up. Does anybody face the same problem?
> Thanks,
> ________________________________________
> From: Gregoire Jeanmart
> Sent: 31 May 2017 18:36
> To: keycloak-user(a)lists.jboss.org
> Subject: Browser tries to store the username "This is not a login
> form" after updating a temporary password
> Hello,
> One of my users raised an issue after he has been asked to change his
password [action: Update password]. The browser asked him to store a couple
username/password equals to "This is not a login form" / %new password%
[see screenshot
https://i.stack.imgur.com/c6dsi.png]. This behaviour
isn't accepted by my users as it is very unusual and not user friendly.
> Is there a way to fix this issue ?
> Information:
> - Version: Keycloak 2.4.0-FINAL and Keycloak 3.1.0-FINAL
> - Browser: Google Chrome and Mozilla Firefox
> - Similar issue:
> is-being-stored-when-updating-a-password-in-keycloak
> Thanks in advance.
> Gregoire Jeanmart
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
keycloak-user mailing list