[midPoint] Self Credentials Page - Old Password - Keycloak

João Paulo Ribeiro joparibeiro at gmail.com
Tue Oct 15 20:28:25 CEST 2024


Hello!

I have a midPoint 4.8.4 + Keycloak scenario. I would like to know if there
is any configuration I can do so that while an end user is changing his/her
own password (in the credentials self-service page), midPoint would prompt for
the old OIDC password instead of the old password from the midPoint
repository. I am using AD as user federation in Keycloak.

I've set storageType=none in the security policy, but when I try to change
my own password by entering the old AD password in the "Old Password" field,
midPoint says that the old password is incorrect. I think it is looking for
the old password in the repository, in m_object.fullobject, but obviously,
there is no password defined there, due to storageType=none.

I could simply remove the "Old Password" field from the self-service
credentials UI (using passwordChangeSecurity=none in the security policy),
but for security reasons I think it's important for the end user to
provide the old password.

Thanks in advance.