KeyCloak忘记密码电子邮件链接 [英] KeyCloak Forgot password Email link

问题描述

我们正在使用keycloak实现身份验证.专门用于忘记密码"选项:当用户单击忘记密码"选项并提供用户名时，将会向其ID发送一封电子邮件，其中包含重置密码的链接.

We are implementing Authentication using keycloak. Specifically for forgot password option: When user clicks on Forgot password option, and provides user name, an email will be sent to their id with the link to reset password.

我的问题专门在链接上: 电子邮件中发送的链接如下所示: https://:/auth/realms//login-actions/reset-credentials?code = 但是提到的实际上是一个内部物理主机名，可以在/etc/hosts中找到，但是外部用户无法访问它，因此我们需要替换此host:port号.

My Question is specifically on the link: The link sent out in email looks like below: https://:/auth/realms//login-actions/reset-credentials?code= But the mentioned is really an internal physical host name that can be found in /etc/hosts, but it is not accessible to external users, so we need to replace this host:port number.

.ftl文件中的代码如下所示，位于themes/base/email/html/password-reset.ftl下: $ {msg("passwordResetBodyHtml"，link，linkExpiration，realmName)} 从管理控制台中找出linkExpiration和realmName的值(它们在管理控制台中的领域设置"下)时，我无法确定链接"的配置方式和位置.有人可以帮忙吗?

The code in .ftl file looks like below under themes/base/email/html/password-reset.ftl: ${msg("passwordResetBodyHtml",link, linkExpiration, realmName)} While figured out from admin console on where the values for linkExpiration and realmName (They are under Realm Settings in admin console), I am unable to find out how and where the "link" is configured. Can someone please help with this?

我查找了其他线程并做了一些发现，然后找到了此链接:(

I looked up other threads and did some findings, and found this link:(Keycloak - URL Reset Password email behind a proxy, but it really talks about NginX proxy, which we haven't configured.

推荐答案

在与Redhat团队进行了多次讨论之后，解决了该问题.以下是遵循的步骤

Got this resolved after multiple discussion with Redhat team. Below are the steps followed

1. 我们正在使用RH SSO 7.0.x:如下添加了proxy-address-forwarding = true.

1. We were using RH SSO 7.0.x: Added proxy-address-forwarding=true as below.

服务器没有启动，因为此标记在Keycloak 7.0.x中不可用.经Redhat确认.

The server didn't start because this tag is not available in Keycloak 7.0.x. as confirmed by Redhat.

1. 没有升级到RH SSO 7.2.0，并且添加了相同的标志.忘记密码的电子邮件内容具有https:///auth/realms/archcap-au/login-actions/action-token?key =

更改前:

    header=x-forwarded-host= <External Host>
    header=Host= <Internal host:8443>

更改后:

    header=x-forwarded-host= <External Host>
    header=Host= <External Host>

该标记将保留转发的主机标头.

the tag would retain the forwarded host header.

这篇关于KeyCloak忘记密码电子邮件链接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！