Project: Red Hat build of Keycloak
Issue: RHBK-2766

Change default value for force-login option in reset-credential-email [GHI#37207]


      Area

      authentication

      Describe the bug

      Follow-up of #36844. After talking with the team we decided to change the default value for the new force-login option in the reset-credential-email authenticator. This should be secure by default. Two possible solutions:

      • Change the default to true to always log in again.
      • Add a third option, similar to only-federated, that only forces the login for federated users, and make it the default. This way the behavior is only changed for federated users, and internal DB users work in the same way.

      Version

      26.1.1

      Regression

      [ ] The issue is a regression

      Expected behavior

      N/A

      Actual behavior

      N/A

      How to Reproduce?

      N/A

      Anything else?

      No response

      Assignee: Unassigned
      Reporter: Pavel Vlha (pvlha)
      Component: Keycloak Core Clients