[keycloak-user] password forgotten - override UpdatePasswd required action (v 1.7.0)

Adrian Matei adrianmatei at gmail.com
Mon Feb 1 11:25:34 EST 2016


Hi guys,

in the UpdatePassword class we need to modify the string values that come
from formData
so that there are not "password-new" but "passwordNew" (JS conform as we've
build the GUI with AngularJS on top of Freemarker actions):
https://github.com/keycloak/keycloak/blob/de472dbd43dd2767afb3436835f77924a78e9f82/services/src/main/java/org/keycloak/authentication/requiredactions/UpdatePassword.java#L67


We've created our own CustomUpdatePassword (similar with the class above
except the two lines and own id -UPDATE_PASSWORD_CUSTOM) and tried to hook
it in our own custom ResetPassword class:
    @Override
    public void authenticate(AuthenticationFlowContext context) {
        if (context.getExecution().isRequired() ||
                (context.getExecution().isOptional() &&
                        configuredFor(context))) {

context.getClientSession().addRequiredAction(CustomUpdatePassword.UPDATE_PASSWORD_CUSTOM);
        }
        context.success();
    }

The custom classes are registered in META-INF services and everything, and
we can add the custom reset password execution in the Reset Credentials
workflow...

The result is a NPE in AuthenticationManager by trying to get the
providerId from the model
RequiredActionProviderModel model =
realm.getRequiredActionProviderByAlias(action);
RequiredActionFactory factory =
(RequiredActionFactory)session.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class,
model.getProviderId());

I am tired and cannot look through anymore, so your advice is more than
welcomed...

Thanks,
Adrian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160201/6e306a09/attachment-0001.html 


More information about the keycloak-user mailing list