[keycloak-user] Issues with Keycloak and AD

Charles Hardin chardin at shadowforge-computing.com
Thu Apr 20 17:55:31 EDT 2017


Hello All,

I have set up an instance of Keycloak 3 and connected it to AD. It is set up
to sync users and is in writeable edit mode. I also have Password Policy Hints
enabled in the MSAD Account Controls mapper. I have user registration
turned on in Keycloak.

When I register a user in Keycloak, it creates the user in a disabled state
in AD, and prompts the user in Keycloak to change the password they just
set during account creation to activate the account. This then fails
because AD is currently configured to enforce a minimum password age of one
day.

I am OK with the account being created disabled, but how do I get around
the immediate second password request?

Thanks,

Chuck

