Keycloak Update password action requires entry twice

Hey,

I have a workflow where I create a user in Keycloak (using Active Directory as user federation via LDAPS) and then I perform a reset credential with the action of Update Password.
This successfully sends an e-mail to the user with a link to perform this action. Upon entering a new password and the confirm new password, when I hit the submit button, I get prompted with the same screen again. Only after this time does it complete the action.

In the logs all I see is the following 2 lines which are the same (except the timestamp - which correlates to the 2 update password screens I get):
2019-12-11 08:41:00,499 INFO [org.keycloak.events] (default task-23) type=UPDATE_PASSWORD, realmId=realm_name, clientId=account, userId=f1720b92-dcfa-4b22-b0e6-0805a0668a4c, ipAddress=10.10.10.10, auth_method=openid-connect, custom_required_action=UPDATE_PASSWORD, response_type=code, redirect_uri=https://url/keycloak/auth/realms/realm_name/account/, remember_me=false, code_id=e01cc5f3-ef24-42ed-9917-1f2e5b36276c, response_mode=query, username=john.doe
2019-12-11 08:41:04,796 INFO [org.keycloak.events] (default task-23) type=UPDATE_PASSWORD, realmId=realm_name, clientId=account, userId=f1720b92-dcfa-4b22-b0e6-0805a0668a4c, ipAddress=10.10.10.10, auth_method=openid-connect, custom_required_action=UPDATE_PASSWORD, response_type=code, redirect_uri=https://url/keycloak/auth/realms/realm_name/account/, remember_me=false, code_id=e01cc5f3-ef24-42ed-9917-1f2e5b36276c, response_mode=query, username=john.doe

Has anyone come across this before? And/or know of a solution?

Thanks

Hey, did you find any solution? I am also facing the same issue.

Even when I execute VERIFY_EMAIL instead of UPDATE_PASSWORD, it's asking to update the password twice.

Please do let me know if there is a workaround or you found a solution.

Hi yes, sorry for the slowness, the solution was to set a ‘temporary’ password first, e.g. a random 20+ character string. Then when the user goes to update their password it only asks once.
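The workaround in the reply above, sketched against the Keycloak Admin REST API (an added example, not code posted in this thread). It assumes an admin bearer token obtained elsewhere and a base URL that already includes any context path such as `/auth`, and it sets the Admin API's `temporary` flag, which is one reading of "temporary" here; the helper names and the character-class check (for directory complexity policies) are also assumptions.

```python
import json
import secrets
import string
import urllib.request

SYMBOLS = "!#%+-_=@"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def temp_password(length=24):
    """Throwaway password from the OS CSPRNG; the user never needs to see it."""
    if length < 20:
        raise ValueError("use 20+ characters, as suggested in the thread")
    classes = (str.islower, str.isupper, str.isdigit, SYMBOLS.__contains__)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Assumption: the directory enforces a complexity policy, so retry
        # until every character class is present.
        if all(any(check(c) for c in pw) for check in classes):
            return pw


def build_requests(base_url, realm, user_id, token, password=None, temporary=True):
    """Build, in order, the two admin calls: set the throwaway credential,
    then e-mail the UPDATE_PASSWORD action link. Nothing is sent here."""
    user_url = f"{base_url.rstrip('/')}/admin/realms/{realm}/users/{user_id}"
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    credential = {"type": "password",
                  "value": password or temp_password(),
                  "temporary": temporary}
    calls = [
        (f"{user_url}/reset-password", credential),
        (f"{user_url}/execute-actions-email", ["UPDATE_PASSWORD"]),
    ]
    return [urllib.request.Request(url, data=json.dumps(body).encode(),
                                   headers=headers, method="PUT")
            for url, body in calls]


def send(requests_in_order):
    """Send the calls in order; urlopen raises HTTPError on a 4xx/5xx reply,
    so the e-mail is not sent if setting the credential failed."""
    for req in requests_in_order:
        with urllib.request.urlopen(req) as resp:
            resp.read()
```

Keep the generated value out of logs and tickets; it is only there so the account has a credential before the user follows the e-mailed link.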

Hi @paulkilla, I am also facing the same issue and any help would be much appreciated.

Is there any way to disable this “Temporary Password” by default and enable it if it's required?

My user creation is working fine and the user is receiving the email to verify email and reset the password on the linked email. However, the user still needs to enter the password twice (as you mentioned above, first time to set a temporary password and next time to update the temporary password).

However, in general, the user should not be asked to first set a temporary password and later change the password set by himself.

I solved this by setting the default value of “pwdLastSet” to -1 for the LDAP mapper and just enabling “update password” under authentication.