update password failed

Friday, 10 February 2017

Hi All

Need help trying to allow the user to update their password. The use case

1) Login to admin
2) Select a user, goto credential and select Update Password as reset again
and sent email
3) User received email and click on the link (within the minute)

4) Keycloak complains with error We are sorry - an  error occurred please
login again.

Setup
Keycloak 2.5.1 Final
Apache 2.4 - SSL enabled
Mod proxy ajp
OS ubuntu 14.04

Keycloak standalone.xml ajp config

           <server name="default-server">
                <ajp-listener name="mmemoeListener"
socket-binding="ajp"
redirect-socket="proxy-https" scheme="https" />
                <http-listener name="default"
socket-binding="http"
redirect-socket="https"/>
                <host name="default-host" alias="localhost">
                    <location name="/"
handler="welcome-content"/>
                    <filter-ref name="proxy-peer"/>
                    <filter-ref name="server-header"/>
                    <filter-ref name="x-powered-by-header"/>
                </host>
            </server>
            <servlet-container name="default">
                <jsp-config/>
                <websockets/>
            </servlet-container>
            <handlers>
                <file name="welcome-content"
path="${jboss.home.dir}/welcom
e-content"/>
            </handlers>
            <filters>
<filter name="proxy-peer" class-name="io.undertow.server
.handlers.ProxyPeerAddressHandler" module="io.undertow.core" />
                <response-header name="server-header"
header-name="Server"
header-value="WildFly/10"/>
                <response-header name="x-powered-by-header"
header-name="X-Powered-By" header-value="Undertow/1"/>
            </filters>

Apache 2 http conf
ProxyRequests Off ProxyPreserveHost On SSLProxyEngine On <Proxy *>
RequestHeader set X-Forwarded-Proto "https" Require all granted </Proxy>
#Keycloak requirements LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\"
%>s %b \"%{Referer}i\" \"%{User-Agent}i\ " common ProxyPass /auth
ajp://localhost:8009/auth

Link received in the Update Your Account email

https://demo.mmemoe.com/auth/realms/mmemoeDemo/login-actions
/execute-actions?key=M5QehaYrsNyxEFC66hDSudzxWXoeimIMH5Sp9Lv
bqhs.5b219018-98ad-4f39-a021-bda421809bcc

Apache log
[11/Feb/2017:01:37:06 +0000] "GET /auth/realms/mmemoeDemo/login-
actions/execute-actions?key=M5QehaYrsNyxEFC66hDSudzxWXoeimIM
H5Sp9Lvbqhs.5b219018-98ad-4f39-a021-bda421809bcc HTTP/1.1" 500 2441

Keycloak log
01:37:06,091 WARN  [org.keycloak.events] (default task-1)
type=EXECUTE_ACTIONS_ERROR, realmId=2e6cf05c-62bc-4b12-8db2-4a85053225f7,
clientId=null, userId=null, ipAddress=110.143.116.121, error=invalid_code

Thanks.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014