This is certainly not intentional. When you re-create the user through the
admin API, is it with the same user ID? If so, it could seem credentials are
not deleted properly when the user is, and that the "old" credentials are
then associated with the new user.
On 1 June 2017 at 06:28, Sarp Kaya <akaya(a)expedia.com> wrote:
Hello,
My keycloak configuration has password policy enabled for all users and it
also has the Not Recently Used part specified to some number.
I have a simple use case:
1. I create user
2. I set a password for this user
3. I delete this user
I repeat these steps again, with the same username and password, and I get an
error on the 2nd step, which is “Invalid password: must not be equal to any of
last x passwords.”
The problem is, I can only get this error on the admin API; if I do it on the
admin UI then I don’t get it.
Now obviously if it was the same “user” it would make sense, but since I
delete this username and create a new user, which has a different user ID,
then I would expect it to behave differently.
I am using Keycloak 3.1.0 and the Java adapter, which is 3.1.0 as well.
Below is the code:
1. Creating user:
    keycloak.realm(usersRealm).users().create(someUserRepresentation);
2. Resetting password of the user:
    // Build a permanent (non-temporary) password credential
    CredentialRepresentation passwordCredRepresentation = new CredentialRepresentation();
    passwordCredRepresentation.setTemporary(false);
    passwordCredRepresentation.setType(CredentialRepresentation.PASSWORD);
    passwordCredRepresentation.setValue(password);
    // Look up the user by ID and apply the credential
    UserResource userResource = keycloak.realm(usersRealm).users().get(keycloakId);
    userResource.resetPassword(passwordCredRepresentation);
3. Deleting the user:
    keycloak.realm(usersRealm).users().delete(keycloakId);
I definitely know that delete user works because once I run this, I don’t
see any user, and when I run the create user code, I can see a user account
with a different ID.
My question is, is this intentional or a bug? If it is intentional, then
how can I clear a user’s password history? I tried looking that up in the
admin API but could not find any call.
Thanks,
Sarp
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user