[keycloak-user] Forgot Password Error with Our own UserStorageProvider
Deepu Laghuvaram
deepu.laghuvaram at gmail.com
Mon Jan 16 13:46:50 EST 2017
What I observed is that if a user is registered with KeyCloak then I am not
getting any issue in Forgot Password, but if the user is an existing one in
my database and not registered thru KeyCloak, then I am getting this issue.
It would be of great help if you can help me with this.
On Thu, Jan 12, 2017 at 4:46 PM, Deepu Laghuvaram <
deepu.laghuvaram at gmail.com> wrote:
> I am using my own DB2UserStorageProvider and my Login and Registration are
> working as expected but forgot password is not working as expected (When I
> remove User Federation then Forgot Password is working as expected).
>
> I am having the flow for Reset Credential as
> Choose User REQUIRED
> Send Reset Email REQUIRED
> Reset Password REQUIRED
>
> I used an existing user in my DB2 database, with which I am able to login
> and when I try that user to reset password, I am not receiving any email
> and below are the logs
>
> 14:40:31,755 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-14) action: reset-credentials-choose-user
> 14:40:32,908 INFO [DB2UserStorageProvider] (default task-14) Inside
> getUserByUsername: testmail at gmail.com
> 14:40:32,914 INFO [DB2UserStorageProvider] (default task-14) Entity.ID =
> 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
> 14:40:32,914 INFO [DB2UserStorageProvider] (default task-14)
> Entity.setUsername = 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
> 14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-14) authenticator SUCCESS: reset-credentials-choose-user
> 14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-14) processFlow
> 14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-14) check execution: reset-credential-email requirement:
> REQUIRED
> 14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-14) authenticator: reset-credential-email
> 14:40:32,949 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
> (default task-14) JtaTransactionWrapper commit
> 14:40:32,957 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
> (default task-13) AUTHENTICATE
> 14:40:32,957 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
> (default task-13) AUTHENTICATE ONLY
> 14:40:33,008 INFO [DB2UserStorageProvider] (default task-13) getUserById:
> f:c3f5f5ce-6954-4e2f-82e7-1055df749be9:9bcff1bd-2ac9-
> 4e63-b113-7061bd3f0278
> 14:40:33,008 INFO [DB2UserStorageProvider] (default task-13)
> entity.getID: 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
> 14:40:33,008 INFO [DB2UserStorageProvider] (default task-13) Entity.ID =
> 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
> 14:40:33,008 INFO [DB2UserStorageProvider] (default task-13)
> Entity.setUsername = 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) processFlow
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) check execution: reset-credentials-choose-user
> requirement: REQUIRED
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) execution is processed
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) check execution: reset-credential-email requirement:
> REQUIRED
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) authenticator: reset-credential-email
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) invoke authenticator.authenticate
> *14:40:33,030 WARN [org.keycloak.events] (default task-13)
> type=RESET_PASSWORD_ERROR, realmId=TestRealm, clientId=TestClient,
> userId=f:c3f5f5ce-6954-4e2f-82e7-1055df749be9:9bcff1bd-2ac9-4e63-b113-7061bd3f0278,
> ipAddress=127.0.0.1, error=invalid_email, auth_method=openid-connect,
> auth_type=code, redirect_uri=http://localhost:8090/account/account.jsp
> <http://localhost:8090/account/account.jsp>,
> code_id=857a3ff7-837f-4e8d-8b4d-dabd8b38a89e, username=testmail at gmail.com
> <testmail at gmail.com>*
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) reset browser login from authenticator:
> reset-credential-email
> 14:40:33,030 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
> (default task-13) AUTHENTICATE
> 14:40:33,030 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
> (default task-13) AUTHENTICATE ONLY
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) processFlow
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) check execution: auth-cookie requirement: ALTERNATIVE
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) authenticator: auth-cookie
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) invoke authenticator.authenticate
> 14:40:33,030 DEBUG [org.keycloak.services.managers.AuthenticationManager]
> (default task-13) Could not find cookie: KEYCLOAK_IDENTITY
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) authenticator ATTEMPTED: auth-cookie
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) check execution: auth-spnego requirement: DISABLED
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) execution is processed
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) check execution: identity-provider-redirector
> requirement: ALTERNATIVE
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) authenticator: identity-provider-redirector
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) invoke authenticator.authenticate
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) authenticator ATTEMPTED: identity-provider-redirector
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) check execution: null requirement: ALTERNATIVE
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) execution is flow
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) processFlow
> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) check execution: auth-username-password-form requirement:
> REQUIRED
> 14:40:33,031 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) authenticator: auth-username-password-form
> 14:40:33,031 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
> (default task-13) invoke authenticator.authenticate
>
>
> It looks like the user is not in context, I am not sure why the user is
> not in context as both getUserByUsername and getUserById are successful and
> even it says "authenticator SUCCESS: reset-credentials-choose-user".
> Could you please help me with this issue, I am using Keycloak 2.3.0 Final.
>
> Thanks,
> Deepu
>
>
>
More information about the keycloak-user
mailing list