Ask user to login after a Required action, "Password Reset" to be exact.
3,470 views
Skip to first unread message
Saurav Mohan V
Oct 7, 2021, 10:35:23 AM10/7/21
to Keycloak User
Hi,
It there any way to direct the user to the login screen after completion of the required action. The required action, in this case, is an Application initiated action.For this case, let's consider initiating a password reset required action for the application using the javascript adapter. I want the user to be directed to the login screen on successful reset of the password and to have the user log in again to the application using this new password.
tried backChannelLogout() and browserLogout() of the session but was not helpfull
Any help would be much appreciated.
Thanks in advance
Regards,
Saurav Mohan V
benjam...@gmail.com
Oct 12, 2021, 3:13:04 AM10/12/21
to Keycloak User
I ran into this similar scenario and ended up doing something with 3 steps:
First, I created a new required action (RequiredActionProvider), let's call it ReLogin. It simply does a challenge:
@Override
public void requiredActionChallenge(RequiredActionContext context) {
// Look for a custom reLoginMessage in message.properties
Response response = context.form()
.setInfo("reLoginMessage")
.createForm("info.ftl");
context.challenge(response);
}
@Override
public void processAction(RequiredActionContext context) {
// Always fail
// The only way to remove this required action is to go through Login auth flow
context.failure();
}
Then, in the Event Listener (EventListenerProvider) I look for the UPDATE_PASSWORD event and put in an addRequiredAction:
user.addRequiredAction("ReLogin")
Finally, I added a new authentication flow execution (Authenticator) to login flows that does a removeRequiredAction:
user.removeRequiredAction("ReLogin");
It's very hacky and I wonder if there're other simpler ideas out there.
Benjamin
Saurav Mohan V
Oct 13, 2021, 7:10:57 AM10/13/21
to Keycloak User
Hi Benjamin,
Thanks a lot for your response. I will try this out and let you know.
Regards,
Saurav Mohan V
Sven-Torben Janus
Oct 22, 2021, 12:09:56 PM10/22/21
to Keycloak User
This should simply work if you logout the user. Take a look at the UPDATE_PASSWORD required action which already allows users to logout after the password update.
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/requiredactions/UpdatePassword.java#L134
Regards
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/requiredactions/UpdatePassword.java#L134
Regards
Sven-Torben
Reply all
Reply to author
Forward
0 new messages