[keycloak-user] Execution Flow

Stuart keycloak at collectivesystems.com
Wed Oct 9 06:06:15 EDT 2019 

Hi All,

So I've solved a few of the issues I was having by creating a new provider
for the information pages during account registration in the auth flow, and
creating a new provider with 'Required Actions', for the information pages
during the required action phase (i.e. after OTP setup and Password
Set/Reset).

However, no matter what I do (which includes black magic and bribery) the
reset password 'required action' page always comes last in the flow.  I've
set the order under the required actions tab in the admin console.. the
reset password should be the first 'required action' processed in the auth
flow. (The other two, OTP setup and the info page, I can move around and
change their order with no problems.)

Is there something special about the password set/reset page that I'm
missing?

Thanks,

Stuart.



On Mon, 7 Oct 2019 at 09:50, Stuart <keycloak at collectivesystems.com> wrote:

> Hi All,
>
> I'm trying to add a step in the the KC authentication flow that just has a
> notification/message page to say something like 'You're all setup' or 'you
> made it through registration, well done'. :-)
>
> I've tried creating an authentication provider which just display the
> message (via a ftl template) which works great. However....  during the
> registration process I want he users to set their password and set up OTP.
> Now, because (I guess) the PW reset and OTP forms are 'required actions'
> they are skipped for the actual user authentication.  So once all
> authentication providers are successful, KC moves onto the required actions
> and displays the forms for them.  This results in my 'message' provider
> showing before the PW and OTP setup pages.
>
> So I'm thinking that I should make the 'message' provider return success
> on authentication and add 'Required Actions'.  Does that sound like the way
> to go?  My only concern is that I still cannot get the PW (re)set page to
> appear before the OTP page (even if I change the order under the 'Required
> Actions' tab in the authentication setup), so I'm not sure how KC is making
> the decision on which page to show next.
>
> (I thought about using the T&C page for the message page, but I don't know
> how to tell KC that its a new user, as the user is added to KC before they
> get to login/register.)
>
> Any thoughts are appreciated.
>
> Stuart
>
>
>
>

More information about the keycloak-user mailing list