Hi, I am trying to configure ‘Terms and conditions’ on a realm, and I have some problems. I am running keycloak 22.0.3
I set ‘Terms and Conditions’ as ‘Enabled’ and ‘Set as Default Action’ on Required Actions. When I did that I expected a default ‘terms and conditions’ page to appear after registration but nothing happened. Registration proceeded with the exact same steps as if I hadn’t enabled it. Is this normal? What is the purpose behind ‘Set as Default Action’ then?
I duplicated the registration flow and managed to create a new registration flow that included ‘terms and conditions’ as a separate step. Changing the original registration flow was not possible (I am sort of ok with this). Now I have a checkbox asking me to accept terms and conditions. I suppose this is ok, but is this the correct way to do it?
Obviously someone wants all new users to accept terms and conditions, even users that first login via an identity provider. I am puzzled on how to do it now. I duplicated the first-broker-login flow, and change it so that there is an alternative flow that triggers terms and conditions. But now the user fills in his profile and then on the next step needs to refill all the info as if registering from the start.
So what is the proper way to make all users before their first login to accept terms and conditions?
If it’s a custom User Storage SPI and you can modify the code, your user adapter could extend the AbstractUserAdapterFederatedStorage class, which is prepared to store additional attributes to an external user in Keycloak. Maybe you have to implement/overwrite a few more methods, but would be the way to go.
Hi, and thanks for the answers. Indeed the custom User SPI need to specifically enable required actions after user creation. This is not very clear in the docs. So one needs to add something along the following lines to add required actions after the user is created (I am adding it for the case someone needs it)
in your StorageProvider class:
@Override
public UserModel addUser(RealmModel realm, String username) {
// add user blah blah blah
// and add the following too:
realm.getRequiredActionProvidersStream()
.filter(RequiredActionProviderModel::isEnabled)
.filter(RequiredActionProviderModel::isDefaultAction)
.map(RequiredActionProviderModel::getAlias)
.forEach(userAdapter::addRequiredAction);
For anyone else combing through here, there is a VERY EASY way to require users to agree to T&C’s on user registration. Basically go to the realm settings → user profile → attributes → CREATE ATTRIBUTE. Then basically create an OPTION attribute with one option that says I agree to the T&C’s / Privacy Policy and set it to “REQUIRED”. I have a full tutorial of the process here: https://medium.com/@fieryphoenixtech/keycloak-terms-privacy-policy-configuration-67ff57b58ee2 Hope it helps!