Issue with UPDATE_PASSWORD action when using scim-for-keycloak
Closed this issue · 4 comments
Hello,
I found a strange behavior when using the scim-for-keycloak extension: after updating a password with the UPDATE_PASSWORD action there is an error message:
When looking into the logs I got:
WARN [org.keycloak.events] (executor-thread-12) type="LOGIN_ERROR", realmId="62e7d0d7-0ace-4a00-98a4-851cbdf1bc8a", clientId="account-console", userId="c0923cb1-0287-462a-8f05-e14c3288f495", ipAddress="172.18.0.1", error="different_user_authenticated", auth_method="openid-connect", custom_required_action="UPDATE_PASSWORD", response_type="code", redirect_uri="http://localhost:18080/realms/test/account/#/security/signingin", remember_me="false", consent="no_consent_required", previous_user="c0923cb1-0287-462a-8f05-e14c3288f495", code_id="7fe95409-d1d2-4be9-b8f8-3c2d54bd832e", response_mode="fragment", username="toto"
The userId of the toto account is indeed c0923cb1-0287-462a-8f05-e14c3288f495
This behaviour is only happening when the scim-for-keycloak extension is installed.
I used keycloak 23.x and 24.x on docker.
Thank you,
Mathis.
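A triage sketch for the event quoted in this report, added here as an example and not taken from Keycloak or scim-for-keycloak: it parses `org.keycloak.events` lines and separates `different_user_authenticated` errors where `previous_user` equals `userId` (the inconsistent case reported above) from real user switches. It assumes the `key="value"` layout seen in the quoted line, with no embedded quotes in values; the function names and the all-zero ids in the sample lines are constructed.

```python
import re
from collections import Counter

# key="value" pairs, as laid out in the event line quoted in the report (assumed format)
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_event(line):
    """Return the key="value" fields of one Keycloak event log line as a dict."""
    return dict(PAIR_RE.findall(line))

def classify(line):
    """Classify a LOGIN_ERROR / different_user_authenticated event.

    'same_user'   -> previous_user equals userId (the case in this issue)
    'user_switch' -> the two ids differ, so another user really authenticated
    'incomplete'  -> one of the two ids is missing from the line
    None          -> the line is not a different_user_authenticated error
    """
    ev = parse_event(line)
    if ev.get("type") != "LOGIN_ERROR":
        return None
    if ev.get("error") != "different_user_authenticated":
        return None
    user, prev = ev.get("userId"), ev.get("previous_user")
    if not user or not prev:
        return "incomplete"
    return "same_user" if user == prev else "user_switch"

def summarize(lines):
    """Count classified events, ignoring lines that are not this error."""
    return Counter(c for c in map(classify, lines) if c is not None)

# Constructed sample lines: the first reuses ids from the report, the rest are made up.
SAMPLE = [
    'WARN [org.keycloak.events] (executor-thread-12) type="LOGIN_ERROR", clientId="account-console", userId="c0923cb1-0287-462a-8f05-e14c3288f495", error="different_user_authenticated", custom_required_action="UPDATE_PASSWORD", previous_user="c0923cb1-0287-462a-8f05-e14c3288f495", username="toto"',
    'WARN [org.keycloak.events] (executor-thread-3) type="LOGIN_ERROR", userId="00000000-0000-0000-0000-000000000001", error="different_user_authenticated", previous_user="00000000-0000-0000-0000-000000000002"',
    'WARN [org.keycloak.events] (executor-thread-4) type="LOGIN_ERROR", userId="00000000-0000-0000-0000-000000000001", error="different_user_authenticated"',
    'WARN [org.keycloak.events] (executor-thread-5) type="LOGIN_ERROR", userId="00000000-0000-0000-0000-000000000001", error="invalid_user_credentials"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), parse_event(line).get("userId"))
    print(dict(summarize(SAMPLE)))
```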
Could you please describe the steps how to exactly reproduce this?
I have tried to update my password with the plugin installed and I get no problems on login.
I use this docker compose:

```yaml
version: '3.7'
services:
  keycloak:
    container_name: keycloak-dev
    image: "quay.io/keycloak/keycloak:23.0.6"
    ports:
      - 18080:8080
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_SPI_THEME_WELCOME_THEME: scim
      KC_SPI_REALM_RESTAPI_EXTENSION_SCIM_LICENSE_KEY: <replaced>
    command: ['start-dev','--debug']
    volumes:
      - ./jars/scim-for-keycloak-kc-23-2.1.0-SNAPSHOT-free.jar:/opt/keycloak/providers/scim-for-keycloak-kc-23-2.1.0-SNAPSHOT-free.jar
```

The steps I do:
- Login in the master realm of keycloak
- Creating a new realm : test
- Creating a new user : toto
- setting a password (not temporary) for toto
- Login in http://server/realms/test/account/ with toto
- going to http://server/realms/test/account/#/security/signingin
- clicking the update button to update the password
- reauthenticate if necessary
- entering a new password and clicking submit
- the error message is here
I tried with scim-for-keycloak-kc-23-2.1.0-SNAPSHOT-free.jar and also scim-for-keycloak-kc-24-2.0.0-free.jar with a version 24 of keycloak.
Thanks,
Mathis.
Thx for the report.
Problem found and fixed. Available in version kc-23-2.1.0-free (SNAPSHOT).
I am planning to release version 2.1.0 next week. I am still waiting for some testing reports though.
Great job, thank you.