[keycloak-user] Issues with Keycloak and AD

Charles Hardin chardin at shadowforge-computing.com
Fri Apr 21 09:42:22 EDT 2017


2016

On Fri, Apr 21, 2017 at 7:57 AM, Marek Posolda <mposolda at redhat.com> wrote:

> I will try to reproduce that. What's your MSAD version btw?
>
> Thanks,
> Marek
>
>
> On 20/04/17 23:55, Charles Hardin wrote:
>
>> Hello All,
>>
>> I have set up an instance of Keycloak 3 and connected it to AD. It is set up
>> to sync users and is writeable edit mode. I also have Password Policy Hints
>> enabled in the MSAD Account Controls mapper. I have user registration
>> turned on in Keycloak.
>>
>> When I register a user in keycloak, it creates the user in a disabled state
>> in AD, and prompts the user in keycloak to change the password they just
>> set during account creation to activate the account. This then fails
>> because AD is currently configured to enforce a minimum password age of
>> one day.
>>
>> I am ok with the account being created disabled, but how do I get around
>> the immediate 2nd password request?
>>
>> Thanks,
>>
>> Chuck

