问题

我正在构建身份管理门户，使用Keycloak进行身份验证，我希望在这个门户中有一个更改密码的界面，当用户点击时，它应该重定向到Keycloak主题更新密码界面（"http://host:port/auth/relams/<relam-name>/login-actions/required-action?execution=UPDATE_PASSWORD&client_id=test&tab_id=J4X7UdFi")。

在Keycloak登录后，我们能实现这个吗？如果在Keycloak UserRepresentation对象中的"UPDATE_PASSWORD"是必需操作，而且在登录之前有这个操作，那么Keycloak会自动将用户重定向到更新密码界面，

但是在用户登录后，我们能直接将Keycloak更新密码界面呈现给用户吗？

英文:

I am building Identity management portal, using keycloak for authentication , i want to have one change password screen in this portal, when user click on that , it should redirect to keycloak theme update password screen ("http://host:port/auth/relams/<relam-name>/login-actions/required-action?execution=UPDATE_PASSWORD&client_id=test&tab_id=J4X7UdFi")

Can we achieve this in Keycloak after login?, this screen comes if we have Required Action as "UPDATE_PASSWORD" in Keyclaok UserRepresentation Object and before login if this action is there then keycloak itself redirects automatically to Update Password Screen ,

but can we give the Keycloak Update Password Screen directly to the user on UI after he logins.

答案1

得分: 1

需要创建RequiredActionProvider：

package com.keycloak.password;

import java.util.List;
import java.util.concurrent.TimeUnit;

import org.jboss.logging.Logger;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.util.Time;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.PasswordCredentialProvider;
import org.keycloak.credential.PasswordCredentialProviderFactory;
import org.keycloak.models.UserModel;

public class CustomUpdatePassword implements RequiredActionProvider {

    private static final String OPENID_CONNECT_PROTOCOL = "openid-connect";
    private static final String CLAIM_VALUE = "claim.value";
    private static final Logger LOG = Logger.getLogger(CustomUpdatePassword.class.getName());

    @Override
    public void evaluateTriggers(RequiredActionContext context) {

        try {
            //一些自定义逻辑，添加所需的操作
            if (password.getCreatedDate() == null) {
                context.getUser().addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
            } else {
                long timeElapsed = Time.toMillis(Time.currentTime()) - password.getCreatedDate();
                long timeToExpire = TimeUnit.DAYS.toMillis(daysToExpirePassword);
                if (timeElapsed > timeToExpire) {
                    context.getUser().addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
                }
            }

        } catch (Exception e) {
            LOG.error(e.getMessage());
        }

    }

    @Override
    public void requiredActionChallenge(RequiredActionContext context) {
    }

    @Override
    public void processAction(RequiredActionContext context) {
    }

    @Override
    public void close() {

    }
}

工厂类：

package com.keycloak.password;

import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;

public class CustomUpdatePasswordFactory implements RequiredActionFactory {

    private static final CustomUpdatePassword SINGLETON = new CustomUpdatePassword();

    @Override
    public String getDisplayText() {
        return "Password Update";
    }

    @Override
    public RequiredActionProvider create(KeycloakSession keycloakSession) {
        return SINGLETON;
    }

    @Override
    public void init(Config.Scope scope) {

    }

    @Override
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {

    }

    @Override
    public void close() {

    }

    @Override
    public String getId() {
        return "Password Update";
    }
}

然后，这些类的 JAR 文件需要部署到 jboss 文件夹中：

COPY --chown=jboss:root /target/<above_project_jar>-*.jar /opt/jboss/keycloak/providers/

英文:

We need to create RequiredActionProvider

package com.keycloak.password;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.jboss.logging.Logger;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.util.Time;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.PasswordCredentialProvider;
import org.keycloak.credential.PasswordCredentialProviderFactory;
import org.keycloak.models.UserModel;
public class CustomUpdatePassword implements RequiredActionProvider {
private static final String OPENID_CONNECT_PROTOCOL = &quot;openid-connect&quot;;
private static final String CLAIM_VALUE = &quot;claim.value&quot;;
private static final Logger LOG = Logger.getLogger(CustomUpdatePassword.class.getName());
@Override
public void evaluateTriggers(RequiredActionContext context) {
try {
//some custom logic add required_action
if (password.getCreatedDate() == null) {
context.getUser().addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
} else {
long timeElapsed = Time.toMillis(Time.currentTime()) - password.getCreatedDate();
long timeToExpire = TimeUnit.DAYS.toMillis(daysToExpirePassword);
if (timeElapsed &gt; timeToExpire) {
context.getUser().addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);=
}
}
}
} catch (Exception e) {
LOG.error(e.getMessage());
}
}
@Override
public void requiredActionChallenge(RequiredActionContext context) {
}
@Override
public void processAction(RequiredActionContext context) {
}
@Override
public void close() {
}
}

And Factory class

package com.keycloak.password;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
public class CustomUpdatePasswordFactory implements RequiredActionFactory {
private static final CustomUpdatePassword SINGLETON = new CustomUpdatePassword();
@Override
public String getDisplayText() {
return &quot;Password Update&quot;;
}
@Override
public RequiredActionProvider create(KeycloakSession keycloakSession) {
return SINGLETON;
}
@Override
public void init(Config.Scope scope) {
}
@Override
public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
}
@Override
public void close() {
}
@Override
public String getId() {
return &quot;Password Update&quot;;
}
}

Then these class jars needs to deploy in the jboss folder

COPY --chown=jboss:root /target/&lt;above_project_jar&gt;-*.jar /opt/jboss/keycloak/providers/

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

keycloak重定向至更新密码URL：”login-actions/required-action”。

问题

答案1

创建叶节点如何？

使用 Retrofit 2 发送原始 JSON 数据。

BigQuery: java.lang.NoClassDefFoundError: com/google/api/gax/retrying/ExceptionRetryAlgorithm

将多个 JSON 键反序列化为一个字段，使用 Jackson。

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论