Hello,
I submitted the JIRA ticket:
https://issues.jboss.org/browse/KEYCLOAK-5019
Regards,
Gregoire
From: Gregoire Jeanmart
Sent: 06 June 2017 09:37
To: Sebastien Blanc <sblanc(a)redhat.com>
Cc: Marek Posolda <mposolda(a)redhat.com>; keycloak-user(a)lists.jboss.org
Subject: RE: [keycloak-user] Browser tries to store the username "This is not a login
form" after updating a temporary password
OK Will do. Thanks.
Best regards
Gregoire Jeanmart
From: Sebastien Blanc [mailto:sblanc@redhat.com]
Sent: 06 June 2017 09:31
To: Gregoire Jeanmart <Gregoire.Jeanmart@ai-london.com>
Cc: Marek Posolda <mposolda@redhat.com>; keycloak-user@lists.jboss.org
Subject: Re: [keycloak-user] Browser tries to store the username "This is not a login
form" after updating a temporary password
I can reproduce this, please open a JIRA.
On Mon, Jun 5, 2017 at 10:59 AM, Gregoire Jeanmart <Gregoire.Jeanmart@ai-london.com> wrote:
Hello Marek,
Thank you for your response. I don't know if it's an environment issue.
I've actually tried on many browsers, 2 versions of Keycloak (2.4 and 3.1) installed
on a Linux CentOS and Windows Server OS, even a fresh install, and I am still getting the
issue.
Please find below the steps to reproduce the bug:
1. Update a user by adding "Update Password" as Required User Actions
2. Login with this user (in my case "test123"). When you click on submit,
Keycloak should redirect to the Change Password screen
3. I enter the new password (twice) and click on submit
Screenshot:
http://imgur.com/a/ueCxU
As you can see on the screenshot, the browser (both Google Chrome and Firefox, latest
version) tries to store "This is not a login form".
I found this in the Keycloak source code:
[ https://github.com/keycloak/keycloak/blob/master/themes/src/main/resource... ]
<form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
    <input type="text" readonly value="this is not a login form" style="display: none;">
    <input type="password" readonly value="this is not a login form" style="display: none;">
    <div class="${properties.kcFormGroupClass!}">
        <div class="${properties.kcLabelWrapperClass!}">
            <label for="password-new" class="${properties.kcLabelClass!}">${msg("passwordNew")}</label>
        </div>
        <div class="${properties.kcInputWrapperClass!}">
            <input type="password" id="password-new" name="password-new" class="${properties.kcInputClass!}" autofocus autocomplete="off" />
        </div>
    </div>
(...)
It looks like this code is interpreted by the browser and is being stored in the password
vault.
I will consider your suggestion and raise a JIRA issue.
Best regards,
Gregoire Jeanmart
-----Original Message-----
From: Marek Posolda [mailto:mposolda@redhat.com]
Sent: 05 June 2017 08:58
To: Gregoire Jeanmart <Gregoire.Jeanmart@ai-london.com>; keycloak-user@lists.jboss.org
Subject: Re: [keycloak-user] Browser tries to store the username "This is not a login
form" after updating a temporary password
Hi,
This seems like an environment-specific issue. I never saw this.
It seems that it happens under some special circumstances (e.g. a specific browser with some
specific browser plugins enabled etc.). Feel free to create a JIRA if you manage to figure
out some more details on how to reproduce it.
Marek
On 05/06/17 09:33, Gregoire Jeanmart wrote:
Hello,
Sorry for chasing up. Does anybody face the same problem?
Thanks,
________________________________________
From: Gregoire Jeanmart
Sent: 31 May 2017 18:36
To: keycloak-user@lists.jboss.org
Subject: Browser tries to store the username "This is not a login
form" after updating a temporary password
Hello,
One of my users raised an issue after he has been asked to change his password [action:
Update password]. The browser asked him to store a username/password pair equal to
"This is not a login form" / %new password% [see screenshot
https://i.stack.imgur.com/c6dsi.png]. This behaviour isn't accepted by my users as it
is very unusual and not user friendly.
Is there a way to fix this issue?
Information:
- Version: Keycloak 2.4.0-FINAL and Keycloak 3.1.0-FINAL
- Browser: Google Chrome and Mozilla Firefox
- Similar issue:
https://stackoverflow.com/questions/43062703/this-is-not-a-login-form-is-being-stored-when-updating-a-password-in-keycloak
Thanks in advance.
Gregoire Jeanmart
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
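
Added example (not part of the thread and not Keycloak code): a small Python check run over the form markup quoted in the 5 June message, reporting which value a password manager is likely to offer as the username and which fields carry no autocomplete hint. It assumes a simplified model in which the last text input before the first password input supplies the username; `audit_password_form`, `PAGE_FORM` and `HINTED_FORM` are names made up here, and `HINTED_FORM` is a constructed variant, not the project's fix.

```python
from html.parser import HTMLParser

# Form from the thread (wrapped lines joined, layout divs omitted).
PAGE_FORM = """<form id="kc-passwd-update-form" action="${url.loginAction}" method="post">
<input type="text" readonly value="this is not a login form" style="display: none;">
<input type="password" readonly value="this is not a login form" style="display: none;">
<input type="password" id="password-new" name="password-new" autofocus autocomplete="off" />
</form>"""

# Constructed variant (an assumption, not the project's fix): the hidden text
# field carries the real login name and every field states its role.
HINTED_FORM = """<form method="post">
<input type="text" name="username" value="test123" autocomplete="username" readonly style="display: none;">
<input type="password" id="password-new" name="password-new" autocomplete="new-password" />
<input type="password" id="password-confirm" name="password-confirm" autocomplete="new-password" />
</form>"""

class _Inputs(HTMLParser):
    """Collect <input> elements in document order as attribute dicts."""
    def __init__(self):
        super().__init__()
        self.inputs = []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append({k: (v or "") for k, v in attrs})

def audit_password_form(html):
    """Return (predicted_username, findings) for one form's markup."""
    parser = _Inputs()
    parser.feed(html)
    username, findings, seen_password = None, [], False
    for field in parser.inputs:
        kind = field.get("type", "text").lower()
        hint = field.get("autocomplete", "").lower()
        if kind == "password":
            seen_password = True
            if hint not in ("new-password", "current-password"):
                findings.append("password field lacks a new-/current-password hint")
        elif kind in ("text", "email") and not seen_password:
            # Simplified model: the last text field before the first password
            # field is the value offered as the username.
            username = field.get("value", "")
            if hint != "username":
                findings.append(f"{username!r} may be saved as the username")
    return username, findings

if __name__ == "__main__":
    for name, form in (("page", PAGE_FORM), ("hinted", HINTED_FORM)):
        print(name, audit_password_form(form))
```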