privacyidea/keycloak-provider

Integrate privacyIDEA server with the "verify email" function of Keycloak.

sepp67 opened this issue · 5 comments

The "verify email" function in Keycloak generates a link that is sent via SMS or e-mail to the user when he is logging in for the first time or when he changes his e-mail or phone number.

https://www.keycloak.org/docs/latest/server_admin/#con-required-actions_server_administration_guide
Look at: Defining actions required at login --> verify email

Is it possible for the privacyIDEA server to send a token via SMS or e-mail to the user when the user is logging in for the first time or when he changes his e-mail or phone number?

Thanks, we only need it when a user changes their mobile number. The verify email is already an action in Keycloak and this can be set as an action if the user changes their address. That is why we propose a "valid mobile" action.

This should be implemented in the server:
https://github.com/privacyidea/privacyidea/issues

This is coming from an internal discussion as a request we opened by NetKnights. So your colleague opened it in the wrong project? Is it a Keycloak issue.

Yes, this should be implemented in the server, because if we do this, we want the option in all our plugins, not just Keycloak. I would guess that we do not even have to change a thing here, because SMS tokens are already usable and it is just a matter of triggering an SMS at a certain point. That triggering is not something our provider should control but rather the server as the managing component.
The new issue is privacyidea/privacyidea#3491

Thanks for the explanation @nilsbehlen