KeyCloak忘记密码电子邮件链接 [英] KeyCloak Forgot password Email link
问题描述
我们正在使用keycloak实现身份验证.专门用于忘记密码"选项:当用户单击忘记密码"选项并提供用户名时,将会向其ID发送一封电子邮件,其中包含重置密码的链接.
We are implementing Authentication using keycloak. Specifically for forgot password option: When user clicks on Forgot password option, and provides user name, an email will be sent to their id with the link to reset password.
我的问题专门在链接上: 电子邮件中发送的链接如下所示: https://:/auth/realms//login-actions/reset-credentials?code = 但是提到的实际上是一个内部物理主机名,可以在/etc/hosts中找到,但是外部用户无法访问它,因此我们需要替换此host:port号.
My Question is specifically on the link: The link sent out in email looks like below: https://:/auth/realms//login-actions/reset-credentials?code= But the mentioned is really an internal physical host name that can be found in /etc/hosts, but it is not accessible to external users, so we need to replace this host:port number.
.ftl文件中的代码如下所示,位于themes/base/email/html/password-reset.ftl下: $ {msg("passwordResetBodyHtml",link,linkExpiration,realmName)} 从管理控制台中找出linkExpiration和realmName的值(它们在管理控制台中的领域设置"下)时,我无法确定链接"的配置方式和位置.有人可以帮忙吗?
The code in .ftl file looks like below under themes/base/email/html/password-reset.ftl: ${msg("passwordResetBodyHtml",link, linkExpiration, realmName)} While figured out from admin console on where the values for linkExpiration and realmName (They are under Realm Settings in admin console), I am unable to find out how and where the "link" is configured. Can someone please help with this?
I looked up other threads and did some findings, and found this link:(Keycloak - URL Reset Password email behind a proxy, but it really talks about NginX proxy, which we haven't configured.
推荐答案
在与Redhat团队进行了多次讨论之后,解决了该问题.以下是遵循的步骤
Got this resolved after multiple discussion with Redhat team. Below are the steps followed
- 我们正在使用RH SSO 7.0.x:如下添加了proxy-address-forwarding = true.
- We were using RH SSO 7.0.x: Added proxy-address-forwarding=true as below.
服务器没有启动,因为此标记在Keycloak 7.0.x中不可用.经Redhat确认.
The server didn't start because this tag is not available in Keycloak 7.0.x. as confirmed by Redhat.
- 没有升级到RH SSO 7.2.0,并且添加了相同的标志.忘记密码的电子邮件内容具有https:///auth/realms/archcap-au/login-actions/action-token?key =
更改前:
header=x-forwarded-host= <External Host>
header=Host= <Internal host:8443>
更改后:
header=x-forwarded-host= <External Host>
header=Host= <External Host>
该标记将保留转发的主机标头.
the tag would retain the forwarded host header.
这篇关于KeyCloak忘记密码电子邮件链接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!