I have a weird problem with the password reset flow and unfortunately no idea, how to fix it. I realize that it’s probably very hard to debug remotely, but maybe someone has an idea. Here goes:
• I configured a realm with a
public client for the frontend and a
confidential client for the backend.
• There is a custom
UserStorageProvider and a custom
• Everything is working as expected. Except for the password reset flow.
• That is, the flow itself seems to work. You are able to enter your username and will receive a password reset e-mail.
• However, once you submit your username, you will be redirected to the login page. Without any message.
• A quick look into the developer tools of the browser reveals, that it calls
session_code and what not) but receives a 401 error.
• Debugging Keycloak itself showed, that it executes the
ResetCredentialEmail authenticator just fine.
• It then seems to proceed to the “browser flow” (probably because the flow was forked?). The Kerberos authenticator (
SpnegoAuthenticator), which is part of my browser flow, will immediately return with a challenge (probably because I’m on a Mac) which will result in the aforementioned 401 error to the client.
• The problem goes away (that is, no 401 error is happening and a proper confirmation message is shown) if I deactivate the Kerberos authenticator.
If anyone has any idea, what the problem might be, I would very much appreciate it.
I am also facing the same issue. Is there any update on this?