I previously created a new action token/set initial password authentication
flow for Keycloak. I know that this was working previously, but for some
reason appears to have stopped working now. The only thing I can think
that has changed was upgrading Keycloak from the 4.8.3 version to the 5.0.0
version. In my code, I'm creating and registering a new
AuthenticationFlowModel instance.
private AuthenticationFlowModel getInitialPasswordFlow(RealmModel
realm) {
AuthenticationFlowModel flow = realm.getFlowByAlias(FLOW_ALIAS);
if (flow == null) {
flow = new AuthenticationFlowModel();
flow.setAlias(FLOW_ALIAS);
flow.setBuiltIn(true);
flow.setDescription("Set Initial Password");
flow.setProviderId(AuthenticationFlow.BASIC_FLOW);
flow.setTopLevel(true);
realm.addAuthenticationFlow(flow);
}
return flow;
}
Which is called as part of my handleToken implementation:
public Response handleToken(
UserInvitationActionToken token,
ActionTokenContext<UserInvitationActionToken> tokenContext)
{
return tokenContext.processFlow(
false,
"set-initial-password",
getInitialPasswordFlow(tokenContext.getRealm()),
null,
new
UserInvitationAuthenticationProcessor(token.getRedirectURI()));
}
However, it does not seem that the password flow is ever executed. It
seems to jump right to authenticationComplete:
* @see
org.keycloak.authentication.AuthenticationProcessor#authenticationComplete()
*/
@Override
protected Response authenticationComplete() {
authenticationSession.setAuthNote(UserInvitationConstants.SET_INITIAL_PASSWORD_AUTH_NOTE,
"true");
if (redirectURI != null) {
authenticationSession.setRedirectUri(redirectURI);
}
return super.authenticationComplete();
}
Were there changes between 4.8.3 and 5.0.0 that would impact the
authentication flow functionality? If so, can someone point me to the
changes as well as any information I might need to know in order to fix up
my implementation to make it work again?
Thanks so much,
Craig
=================================
*Craig Setera*
*Chief Technology Officer*