[keycloak-user] Forgot Password Error with Our own UserStorageProvider

Deepu Laghuvaram deepu.laghuvaram at gmail.com
Mon Jan 16 21:15:48 EST 2017


I couldn't figure out the issue but when I moved from 2.3.0 Final to 2.5.0
Final the issue is not replicable and looks like its fixed.

On Mon, Jan 16, 2017 at 1:46 PM, Deepu Laghuvaram <
deepu.laghuvaram at gmail.com> wrote:

> What I observed is that if a user is registered with KeyCloak then I am
> not getting any issue in Forgot Password, but if the user is an existing
> one in my database and not registered thru KeyCloak, then I am getting this
> issue. It would be of great help if you can help me with this.
>
> On Thu, Jan 12, 2017 at 4:46 PM, Deepu Laghuvaram <
> deepu.laghuvaram at gmail.com> wrote:
>
>> I am using my own DB2UserStorageProvider and my Login and Registration
>> are working as expected but forgot password is not working as expected
>> (When I remove User Federation then Forgot Password is working as
>> expected).
>>
>> I am having the flow for Reset Credential as
>> Choose User         REQUIRED
>> Send Reset Email    REQUIRED
>> Reset Password      REQUIRED
>>
>> I used an existing user in my DB2 database, with which I am able to login
>> and when I try that user to reset password, I am not receiving any email
>> and below are the logs
>>
>> 14:40:31,755 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-14) action: reset-credentials-choose-user
>> 14:40:32,908 INFO  [DB2UserStorageProvider] (default task-14) Inside
>> getUserByUsername: testmail at gmail.com
>> 14:40:32,914 INFO  [DB2UserStorageProvider] (default task-14) Entity.ID =
>> 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
>> 14:40:32,914 INFO  [DB2UserStorageProvider] (default task-14)
>> Entity.setUsername = 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
>> 14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-14) authenticator SUCCESS: reset-credentials-choose-user
>> 14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-14) processFlow
>> 14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-14) check execution: reset-credential-email requirement:
>> REQUIRED
>> 14:40:32,942 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-14) authenticator: reset-credential-email
>> 14:40:32,949 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
>> (default task-14) JtaTransactionWrapper  commit
>> 14:40:32,957 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
>> (default task-13) AUTHENTICATE
>> 14:40:32,957 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
>> (default task-13) AUTHENTICATE ONLY
>> 14:40:33,008 INFO  [DB2UserStorageProvider] (default task-13)
>> getUserById: f:c3f5f5ce-6954-4e2f-82e7-1055df749be9:9bcff1bd-2ac9-4e63-
>> b113-7061bd3f0278
>> 14:40:33,008 INFO  [DB2UserStorageProvider] (default task-13)
>> entity.getID: 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
>> 14:40:33,008 INFO  [DB2UserStorageProvider] (default task-13) Entity.ID =
>> 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
>> 14:40:33,008 INFO  [DB2UserStorageProvider] (default task-13)
>> Entity.setUsername = 9bcff1bd-2ac9-4e63-b113-7061bd3f0278
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) processFlow
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) check execution: reset-credentials-choose-user
>> requirement: REQUIRED
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) execution is processed
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) check execution: reset-credential-email requirement:
>> REQUIRED
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) authenticator: reset-credential-email
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) invoke authenticator.authenticate
>> *14:40:33,030 WARN  [org.keycloak.events] (default task-13)
>> type=RESET_PASSWORD_ERROR, realmId=TestRealm, clientId=TestClient,
>> userId=f:c3f5f5ce-6954-4e2f-82e7-1055df749be9:9bcff1bd-2ac9-4e63-b113-7061bd3f0278,
>> ipAddress=127.0.0.1, error=invalid_email, auth_method=openid-connect,
>> auth_type=code, redirect_uri=http://localhost:8090/account/account.jsp
>> <http://localhost:8090/account/account.jsp>,
>> code_id=857a3ff7-837f-4e8d-8b4d-dabd8b38a89e, username=testmail at gmail.com
>> <testmail at gmail.com>*
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) reset browser login from authenticator:
>> reset-credential-email
>> 14:40:33,030 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
>> (default task-13) AUTHENTICATE
>> 14:40:33,030 DEBUG [org.keycloak.authentication.AuthenticationProcessor]
>> (default task-13) AUTHENTICATE ONLY
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) processFlow
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) check execution: auth-cookie requirement: ALTERNATIVE
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) authenticator: auth-cookie
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) invoke authenticator.authenticate
>> 14:40:33,030 DEBUG [org.keycloak.services.managers.AuthenticationManager]
>> (default task-13) Could not find cookie: KEYCLOAK_IDENTITY
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) authenticator ATTEMPTED: auth-cookie
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) check execution: auth-spnego requirement: DISABLED
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) execution is processed
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) check execution: identity-provider-redirector
>> requirement: ALTERNATIVE
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) authenticator: identity-provider-redirector
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) invoke authenticator.authenticate
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) authenticator ATTEMPTED: identity-provider-redirector
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) check execution: null requirement: ALTERNATIVE
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) execution is flow
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) processFlow
>> 14:40:33,030 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) check execution: auth-username-password-form requirement:
>> REQUIRED
>> 14:40:33,031 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) authenticator: auth-username-password-form
>> 14:40:33,031 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow]
>> (default task-13) invoke authenticator.authenticate
>>
>>
>> It looks like the user is not in context, I am not sure why the user is
>> not in context as both getUserByUsername and getUserById are successful and
>> even it says "authenticator SUCCESS: reset-credentials-choose-user".
>> Could you please help me with this issue, I am using Keycloak 2.3.0 Final.
>>
>> Thanks,
>> Deepu
>>
>>
>>
>


More information about the keycloak-user mailing list