
keycloak-phone-provider's Introduction

Keycloak (Quarkus 21.x.x) Phone Provider


  • Phone support like e-mail
  • One Time Password (OTP) by phone
  • Login by phone
  • Register with phone
  • Authentication by phone
  • Reset password by phone


With this provider you can enforce authentication policies based on a verification token sent to users' mobile phones. Currently, there are implementations for:

  • Aliyun
  • AWS SNS
  • Cloopen
  • Tencent
  • TotalVoice
  • Twilio
  • YunTongXun SMS

More services can be added with ease due to the modularity of the code. In fact, nothing would stop you from implementing a sender of TTS calls or WhatsApp messages.

This is what you can do for now:

  • Check ownership of a phone number (Forms and Rest API)
  • Use SMS as second factor in 2FA method (Browser flow)
  • Login by phone (Browser flow)
  • Reset Password by phone
  • Authentication by phone (Rest API)
  • Authenticate everybody by phone, auto create user on Grant (Rest API)
  • Register with phone
  • Register only phone (username is phone number)
  • Register and add user attributes from redirect_uri params

Features

New in Version 2.3.3

  • Add Condition - phone provided #46

New in Version 2.3.2

  • fix phone login form display error!

New in Version 2.3.1

  • Canonicalize phone numbers using Google's libphonenumber
  • Validate phone numbers using Google's libphonenumber
  • CLI param number-regx renamed to number-regex; the regex is now matched after the phone number is canonicalized
  • Fixed Bug #40 OTP Cookie bypass
  • Removed the OTP setting Cookie Max Age and added CLI param otp-expires
  • Refactored OTP: only the Credential's phone number is used (the credential's phone number comes from the required action Configure OTP over SMS, or from enabling Create OTP Credential in user registration), regardless of the user's phone number
  • CLI param hour-maximum renamed to target-hour-maximum
  • Added CLI param source-hour-maximum

Migration:

  • Set the CLI param canonicalize-phone-numbers to "" or set compatible to true, because phone numbers in old user data are not canonicalized.
  • Change number-regx to number-regex and adjust the regex so that it matches the canonicalized phone number

New in Version 2.2.2

  • fix phone number as username bug #24

Compatibility

This was initially developed using Quarkus Keycloak as the baseline. WildFly Keycloak is not supported anymore, and I did not test user storage beyond Kerberos or LDAP. I may try to help you, but I cannot guarantee anything.

Usage

Installing:

If you want to build the project, simply run examples/docker-build.sh after cloning the repository.

  • keycloak-phone-provider
    main

  • keycloak-phone-provider.resources
    theme

  • keycloak-sms-provider-dummy
    Test messages are printed to the console.

    For the SMS service provider, choose one of:
    keycloak-sms-provider-aws-sns
    keycloak-sms-provider-totalvoice
    keycloak-sms-provider-twilio
    keycloak-sms-provider-cloopen
    keycloak-sms-provider-yunxin
    keycloak-sms-provider-aliyun
    keycloak-sms-provider-tencent

  • Local

    1. With Keycloak installed locally, copy target\providers into the Keycloak home directory
    2. kc.[sh|bat] build
    3. Start Keycloak.
  • Cli params

  kc.[sh|bat] start \
    --spi-phone-default-service=[dummy|aws|aliyun|cloopen| ...]  # which SMS provider to use
    --spi-phone-default-token-expires-in=60  # SMS code lifetime in seconds, default 60
    --spi-phone-default-source-hour-maximum=10 # maximum number of SMS sends per source IP address in one hour; zero is no limit, default 10
    --spi-phone-default-target-hour-maximum=3 # maximum number of SMS sends per target phone number in one hour; zero is no limit, default 3
    --spi-phone-default-[$realm-]duplicate-phone=false # allow one phone number to be registered by multiple users, default: false
    --spi-phone-default-[$realm-]default-number-regex=^\+?\d+$ # Notice: matched after the number is canonicalized, e.g. INTERNATIONAL: +41 44 668 18 00, NATIONAL: 044 668 18 00, E164: +41446681800
    --spi-phone-default-[$realm-]valid-phone=true # validate phone numbers, default: true
    # whether to parse user-supplied phone numbers and put them into canonical international E.164 format. _Required for proper duplicate phone number detection_
    --spi-phone-default-[$realm-]canonicalize-phone-numbers=E164 # [E164,INTERNATIONAL,NATIONAL,RFC3966], default: "" (not canonicalized)
    # a default region to be used when parsing user-supplied phone numbers. Look up codes at https://www.unicode.org/cldr/cldr-aux/charts/30/supplemental/territory_information.html
    --spi-phone-default-[$realm-]phone-default-region=US # default: the realm setting's default locale
    # if compatible is true, user search will try all phone number formats
    --spi-phone-default-[$realm-]compatible=false # default: false
    # prevent 2FA from always happening for a period of time
    --spi-phone-default-[$realm-]otp-expires=3600 # default: 60 * 60; 1 hour

    ...  # for provider params, refer to the provider's readme.md
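
The two hourly limits above (source-hour-maximum per requesting IP address, target-hour-maximum per destination number, zero meaning no limit) can be modelled as follows. This is an added example, not the provider's own code; the class name, the in-memory store, the rolling one-hour window and the choice not to count refused requests are assumptions.

```python
import time
from collections import deque

WINDOW_SECONDS = 3600  # both limits are expressed per hour


class SmsSendLimiter:
    """Hypothetical model of source-hour-maximum / target-hour-maximum."""

    def __init__(self, source_hour_maximum=10, target_hour_maximum=3):
        # Defaults mirror the CLI defaults listed above; 0 disables a limit.
        self.source_max = source_hour_maximum
        self.target_max = target_hour_maximum
        self._by_source = {}  # source IP -> deque of accepted send timestamps
        self._by_target = {}  # canonical phone number -> deque of timestamps

    @staticmethod
    def _recent(table, key, now):
        """Count sends for key within the last hour, dropping expired ones."""
        events = table.get(key)
        if events is None:
            return 0
        while events and events[0] <= now - WINDOW_SECONDS:
            events.popleft()
        if not events:
            del table[key]  # do not keep empty buckets for idle keys
            return 0
        return len(events)

    def check_and_record(self, source_ip, phone_number, now=None):
        """Return 'sent', 'source-limit' or 'target-limit' for one request.

        phone_number must already be canonical (for example E164). If it is
        not, '+41 44 668 18 00' and '+41446681800' are counted in different
        buckets and the per-number limit undercounts.
        """
        now = time.time() if now is None else now
        if (self.source_max > 0
                and self._recent(self._by_source, source_ip, now) >= self.source_max):
            return "source-limit"
        if (self.target_max > 0
                and self._recent(self._by_target, phone_number, now) >= self.target_max):
            return "target-limit"
        # Assumption: only accepted sends are counted against the limits.
        self._by_source.setdefault(source_ip, deque()).append(now)
        self._by_target.setdefault(phone_number, deque()).append(now)
        return "sent"


# Constructed sample requests: (seconds, source IP, phone number).
# Addresses are from a documentation range and the numbers are fictional.
SAMPLE_REQUESTS = [
    (0, "198.51.100.10", "+12025550101"),
    (5, "198.51.100.11", "+12025550101"),
    (9, "198.51.100.12", "+12025550101"),
    (12, "198.51.100.13", "+12025550101"),    # 4th send to the same number
    (3600, "198.51.100.13", "+12025550101"),  # the first send has aged out
]


def replay(limiter, requests):
    """Run constructed requests through the limiter and collect decisions."""
    return [limiter.check_and_record(ip, number, now=ts)
            for ts, ip, number in requests]


if __name__ == "__main__":
    decisions = replay(SmsSendLimiter(), SAMPLE_REQUESTS)
    for request, decision in zip(SAMPLE_REQUESTS, decisions):
        print(request, "->", decision)
```

Because the code-request endpoints listed later on this page need no authentication, these two counters are the only thing bounding how many messages a single client or a single number can trigger.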

Theme

You will need to change the realm login theme to phone.

You can create a customized theme based on phone.

  parent=phone

Phone registration support

Two user attributes are going to be used by this provider: phoneNumberVerified (bool) and phoneNumber (str). Multiple users can have the same phoneNumber, but only one of them will have phoneNumberVerified = true at the end of a verification process. This accommodates the use case of pre-paid numbers that get recycled if inactive for too much time.

Under Authentication > Flows:

  • Copy the Registration flow to Registration with phone flow through the menu button on the right of the registration flow

  • Replace Registration User Creation with Registration Phone User Creation

  • (Optional) Click on settings for Registration Phone User Creation to configure it

  • (Optional) To enable phone verification, click on Registration with phone registration Form > Add Phone validation.

  • (Optional) Read query parameters and add them as user attributes:
    Click on Registration with phone registration Form > Actions > Add execution on the Query Parameter Reader line
    Click on Registration with phone registration Form > Actions > configure add accept param name in to

  • (Optional) Hidden password field:
    Delete or disable Password Validation.

  • (Optional) If there is no user profile:
    Delete or disable Profile Validation

Set all added items as Required.

On the Authentication page, bind Registration with phone to Registration flow and select it to be Required.

Under Realm Settings > Themes, set Login Theme to phone.

Tip: If the realm parameter Email as username is true, then the settings Phone number as username and hide email are invalid!
If the parameter duplicate-phone is true, then Phone number as username is invalid!

Registration with phone

Registration URL:

http://<domain>/realms/<realm name>/protocol/openid-connect/registrations?client_id=<client id>&response_type=code&scope=openid%20email&redirect_uri=<redirect_uri>

Login by phone

Under Authentication > Flows:

  • Copy the Browser flow to Browser with phone flow
  • Replace Username Password Form with Phone Username Password Form
  • Click on the settings icon next to Phone Username Password Form to configure.

Under Realm Settings > Themes, set Login Theme to phone.

On the Authentication page, bind Browser with phone to Browser flow.


2FA by Phone OTP

Phone OTP uses the OTP Credential's phone number, which is different from the user's phone number. The Credential's phone number comes from the required action Configure OTP over SMS, unless Create OTP Credential is enabled in the user registration flow.

On the Authentication page, copy the browser flow and replace OTP with OTP Over SMS. Don't forget to bind this flow copy as the de facto browser flow. Finally, enable the required action Configure OTP over SMS in the Required Actions tab.


To use phone-only login, or to get an access token through the endpoints:

Under Authentication > Flows:

  • Copy the Direct Grant flow to Direct grant with phone flow
  • Click on Add step on the Provide Phone Number line
  • Click on Add step on the Provide Verification Code line
  • Delete or disable the other steps
  • Set both of Provide Phone Number and Provide Verification Code to REQUIRED

Under Clients > $YOUR_CLIENT > Advanced > Authentication Flow Overrides, bind Direct Grant Flow to Direct grant with phone.

Either Phone/Otp or Username/Password : Setting

Android client example

To let any phone number get an access token through the endpoints (if the user does not exist, it is created from the phone number):

Under Authentication > Flows:

  • Copy the Direct Grant flow to Direct grant everybody with phone flow
  • Click on Actions > Add step on the Authentication Everybody By Phone line and move to first
  • Delete or disable the other steps
  • Set Authentication Everybody By Phone to REQUIRED

Under Clients > $YOUR_CLIENT > Advanced > Authentication Flow Overrides, set Direct Grant Flow to Direct grant everybody with phone.

About the API endpoints:

You'll get 2 extra endpoints that are useful for doing the verification from a custom application.

  • GET /realms/{realmName}/sms/verification-code?phoneNumber=+5534990001234 (To request a number verification. No auth required.)
  • POST /realms/{realmName}/sms/verification-code?phoneNumber=+5534990001234&code=123456 (To verify the process. User must be authenticated.)

You'll get 2 extra endpoints that are useful for obtaining an access token from a custom application.

  • GET /realms/{realmName}/sms/authentication-code?phoneNumber=+5534990001234 (To request a number verification. No auth required.)
  • POST /realms/{realmName}/protocol/openid-connect/token
    Content-Type: application/x-www-form-urlencoded
    grant_type=password&phone_number=$PHONE_NUMBER&code=$VERIFICATION_CODE&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET

And then use Verification Code authentication flow with the code to obtain an access code.

Reset Credentials

Under Authentication > Flows:

  • Copy the Reset credentials flow to Reset credentials with phone flow
  • Click on Add step on the Rest Credential With Phone line
  • Click on Add step on the Send Rest Email If Not Phone line
  • Delete or disable the other steps
  • Set Send Rest Email If Not Phone to Conditional
  • Set both of Rest Credential With Phone and Reset Password to REQUIRED

Bind Reset credentials with phone to the Reset credentials flow.

Authentication setting

Conditional

Condition - phone provided

Required Action

  • Update Phone Number: updates the user's phone number on next login.
  • Configure OTP over SMS: updates the OTP Credential's phone number on next login.

Phone one key login: testing, coming soon!

Thanks

Some code written is based on existing ones in these two projects: keycloak-sms-provider and keycloak-phone-authenticator. Certainly I would have many problems coding all those providers blindly. Thank you!

keycloak-phone-provider's People

Contributors

cooperlyt, jeff-tian, mapidentity, njoodd, rossrogers, towe75, vsegfault, yogeswaran-htc-git

keycloak-phone-provider's Issues

Facing issues with Registration by Phone Flow

Hi,

I was trying out keycloak-phone-provider with Keycloak v21.1.1. I configured the registration by phone flow as mentioned in the README.md of this repository.

The screenshots for the same are shown below for reference:

Also, I had disabled Email As UserName feature and I added the two attributes for users: phoneNumber and phoneNumberVerfiied.

Now, when I try to register a new user using a phone number, although the registration is successful and the username is persisted in the DB with the phone number, the two attributes phoneNumber and phoneNumberVerified are not persisted in the DB. Because of this, when the new user tries to log in using the phone number, Keycloak returns a LOGIN_ERROR with user not found.

I am using the latest master branch of keycloak-phone-provider with Keycloak v21.1.1

Any help will be highly appreciated.

Normal login after fail login

I have a problem with login by phone.
When login fails, the basic (keycloak theme) login page is displayed.
Thanks

Use SMS as second factor in 2FA method (Browser flow) - bypass

Hi,

When a user has the cookie SMS_OTP_ANSWERED set in the browser, the user bypasses the phone verification challenge. This seems to be a feature, but it can be used with malicious intent to bypass the phone verification challenge. Any data that the user can manipulate should never be trusted. I am referring to the following line in the code:

Reproduction steps

  1. Create user and configure OTP with SMS. Also make sure OTP with SMS is enabled for the browser flow.
  2. At the login page, open developer tool in the browser and add the cookie SMS_OTP_ANSWERED with the value true for the path /realms/{realm-name}.
  3. Provide login credentials and login.
  4. You will not be prompted for phone verification. If the cookie was not set in the browser you would be prompted for phone verification.

Could you either remove the feature, implement it in another way, or add a configuration to opt out of the feature? As it is now, any user could bypass the phone verification by simply adding a cookie in their browser.
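
The trust problem described in this report, shown next to one way to make the marker unforgeable. This is an added example, not code from the project or from the reporter: the page only records that the bypass was fixed in 2.3.1 and does not say how, so the HMAC-signed marker, the function names and the key handling below are assumptions.

```python
import base64
import hashlib
import hmac

COOKIE_NAME = "SMS_OTP_ANSWERED"


def naive_otp_already_answered(cookies):
    """The check as described in the report: the cookie value alone decides.

    The browser controls this value, so it carries no proof that the SMS
    challenge was ever completed.
    """
    return cookies.get(COOKIE_NAME) == "true"


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_marker(server_key, user_id, now, otp_expires=3600):
    """Build the cookie value after a successful SMS challenge.

    otp_expires plays the role of the otp-expires parameter (seconds).
    server_key is a secret known only to the server (assumption: at least
    32 random bytes, kept out of any client-visible data).
    """
    payload = f"{user_id}|{int(now) + otp_expires}".encode("utf-8")
    tag = hmac.new(server_key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verified_otp_already_answered(server_key, cookies, user_id, now):
    """Skip the SMS step only for a marker this server issued to this user."""
    value = cookies.get(COOKIE_NAME, "")
    try:
        payload_b64, tag_b64 = value.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return False  # wrong shape or not base64, e.g. the literal "true"
    expected = hmac.new(server_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # payload was not produced with the server key
    # The payload is authentic from here on, so parsing it is safe.
    owner, _, expires = payload.decode("utf-8").rpartition("|")
    return owner == user_id and now < int(expires)


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes-xx"  # constructed sample key
    client_set = {COOKIE_NAME: "true"}         # constructed sample cookie jar
    print("naive check, client-set cookie:   ", naive_otp_already_answered(client_set))
    print("verified check, client-set cookie:",
          verified_otp_already_answered(key, client_set, "user-a", now=1000))
    issued = {COOKIE_NAME: issue_marker(key, "user-a", now=1000)}
    print("verified check, issued marker:    ",
          verified_otp_already_answered(key, issued, "user-a", now=2000))
```

Keeping the "OTP answered until" timestamp in server-side session or credential data, with nothing but an opaque session id in the browser, gives the same property without a signing key.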

mvn package issue

When I put "mvn package" in the home directory of the project, I face the following error. Can you please help me?

"[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] keycloak-phone-provider [pom]
[INFO] keycloak-phone-provider [jar]
[INFO] keycloak-phone-provider.resources [jar]
[INFO] keycloak-sms-provider-twilio [jar]
[INFO]
[INFO] ------------< cc.coopersoft:keycloak-phone-provider-parent >------------
[INFO] Building keycloak-phone-provider 2.3.4-snapshot [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[WARNING] The POM for org.apache.maven.plugins:maven-resources-plugin:jar:2.10.0 is missing, no dependency information available
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for keycloak-phone-provider 2.3.4-snapshot:
[INFO]
[INFO] keycloak-phone-provider ............................ FAILURE [ 0.013 s]
[INFO] keycloak-phone-provider ............................ SKIPPED
[INFO] keycloak-phone-provider.resources .................. SKIPPED
[INFO] keycloak-sms-provider-twilio ....................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.097 s
[INFO] Finished at: 2023-06-27T16:05:54+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Plugin org.apache.maven.plugins:maven-resources-plugin:2.10.0 or one of its dependencies could not be resolved: Failure to find org.apache.maven.plugins:maven-resources-plugin:jar:2.10.0 in https://repo.maven.apache.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginResolutionException
"

Installing provider k8s bitbucket/keycloak

Hi,

I am trying to add plugin to bitnami/keycloak distribution. I am using helm chart which utilizes bitnami/keycloak:20.0.5-debian-11-r4 image. I am creating docker image with jar files:

FROM busybox:latest
RUN mkdir -p /opt/tmp
ADD https://github.com/cooperlyt/keycloak-phone-provider/releases/download/21.0.1_phone-2.2.2/keycloak-phone-provider.jar /opt/tmp/
ADD https://github.com/cooperlyt/keycloak-phone-provider/releases/download/21.0.1_phone-2.2.2/keycloak-phone-provider.resources.jar /opt/tmp/
ADD https://github.com/cooperlyt/keycloak-phone-provider/releases/download/21.0.1_phone-2.2.2/keycloak-sms-provider-twilio.jar /opt/tmp/

Then I am attaching this as an init container and copying all jar files to the shared mounted volume, which is then mounted on the path "/opt/bitnami/keycloak/providers" in the mentioned bitnami image. On start I am getting the following error:

2023-04-04T18:09:43.528822877Z ERROR: Failed to run 'build' command.
2023-04-04T18:09:43.528843669Z ERROR: java.io.IOException: Failed to create a new filesystem for /opt/bitnami/keycloak/lib/../providers/keycloak-phone-provider.resources.jar
2023-04-04T18:09:43.528875585Z ERROR: Failed to create a new filesystem for /opt/bitnami/keycloak/lib/../providers/keycloak-phone-provider.resources.jar
2023-04-04T18:09:43.528887710Z ERROR: zip END header not found
2023-04-04T18:09:43.528890877Z For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.

Can you help? Thank you in advance.

P.S. Before I was installing on the same image some different plugin using the same procedure - it worked.

Login with phone number only in browser flow

Hi @cooperlyt,
First, many thanks for your effort in this project. As I understand, I can configure login with Username or PhoneNumber by using "Phone Username Password Form". But in my case, I'm using phoneNumber as username, so how can I log in with phoneNumber and password (I also need MFA as well)?

Thank you!

Login impossible for federated users

Upon entering a valid code and clicking login an sql exception gets thrown, Value too long for column "BY_WHOM". This prevents the user from successful login. This is caused by the column BY_WHOM being 36 characters which is enough to store a UUID, but federated users have a format that exceeds this length. The storage id for these users consist of "f:" + component id + ":" + external id. The component id here is the UUID of the configured provider (36 characters), which by definition makes this too small. See also Keycloak's documentation about storage ids.

Increasing the width of this column fixes this issue. I propose a length of at least (admittedly arbitrary) 80 characters.

Keycloak 21.1 - Realm (default) locale setting is not recognized.

The realm's default locale setting doesn't match the encoded regular expression.
I see that the passed value is "en" or "fr" but not "en-EN" or "fr-FR" as expected by this regex.

See this attached screenshot (cc.coopersoft.keycloak.phone.utils)

Therefore, the default locale is always null
unless "spi-phone-default-[$realm-]phone-default-region" is defined.

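Custom SPI is not automatically registered in Keycloak

Hello, I have a question about our custom SPI.

For example, org.keycloak.phone.providers.spi.TokenCodeServiceSpi is not injected into Keycloak. That is, in the getTokenCode method of TokenCodeResource, the result of session.getProvider(PhoneMessageServiceProvider.class) is always null. What is the reason for this, and is there a solution?
When I deploy, I simply use docker cp to copy the packages into /opt/jboss/keycloak/standalone/deployments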

about sms register/login flow configuration

Hi,
I checked out the provider and the yunxin sms provider and started Keycloak in docker successfully.
But I cannot add the sms register/login flow by following the ReadMe. Is there a more detailed guide about the configuration?

Thank you

Problems installing it on Keycloak(12.0.2)

Thanks for this great work, it helps us to provide phone authentication to our users and it is very cool.

I found a mismatch on the documentation:
<provider>module:keycloak-sms-provider</provider> should be <provider>module:keycloak-phone-provider</provider>, isn't it?

17:58:55,206 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0001: Loading config from standalone.xml or domain.xml

17:58:55,261 FATAL [org.keycloak.services] (ServerService Thread Pool -- 64) Error during startup: java.lang.RuntimeException: org.jboss.modules.ModuleNotFoundException: keycloak-sms-provider

Fixing this in my installation file i got the next issue:

18:08:28,688 INFO [org.keycloak.services] (ServerService Thread Pool -- 71) KC-SERVICES0001: Loading config from standalone.xml or domain.xml

18:08:28,736 FATAL [org.keycloak.services] (ServerService Thread Pool -- 71) Error during startup: java.lang.RuntimeException: org.jboss.modules.ModuleNotFoundException: keycloak-phone-provider

No idea what it is about.

My Dockerfile:

FROM jboss/keycloak:12.0.2

WORKDIR '/opt/jboss/keycloak/themes'

RUN curl -L -O https://github.com/cooper-lyt/keycloak-phone-provider/archive/master.tar.gz && tar -zxvf master.tar.gz && rm master.tar.gz
RUN mv keycloak-phone-provider-master/keycloak-phone-provider ${JBOSS_HOME}/modules/
RUN mv keycloak-phone-provider-master/keycloak-sms-provider-dummy ${JBOSS_HOME}/modules/
RUN rm -rf keycloak-phone-provider-master

# RUN curl https://github.com/simon-feamzy/keycloak-apple-social-identity-provider/releases/download/v1.0.4/apple-social-identity-provider-1.0.4.jar -o apple-social-identity-provider-1.0.4.jar
# RUN ${JBOSS_HOME}/bin/jboss-cli.sh --command="module add --name=fr.benjaminfavre.provider --resources=apple-social-identity-provider-1.0.4.jar --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-services,org.keycloak.keycloak-server-spi,org.keycloak.keycloak-server-spi-private"
COPY ./standalone/configuration/standalone-ha.xml /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml

RUN mkdir macondo
RUN cp -R ./keycloak/* macondo
COPY ./themes/login/. ./macondo/login

What could it be the problem?

Have you thought about creating ear files for these providers? It could make it easy to install them in the JBoss/Keycloak image, since it gets all needed providers from the standalone/deployments folder.

Tested on JBoss/Keycloak11.0.3:

18:29:17,010 INFO [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0028: Stopped deployment keycloak-server.war (runtime-name: keycloak-server.war) in 536ms

18:29:17,043 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException

Registration flow is not working with "declarative-user-profile" feature

The provider worked fine until I've enabled "declarative-user-profile" feature. Now on the registration page there is no field to enter phone number and send message button. Do you have any ideas how to fix this? I really need to check usernames with regexp so I can't disable "declarative-user-profile" feature.

REST API Register

only use phone Register and add user model attribute from request params

can't login by phone_number and code

Hello, I have set the Authentication everybody by phone to direct grant, then the send authentication code request seems OK.
http://{ip:port}/realms/buyer/sms/authentication-code?phoneNumber=xxx
2023-04-04 10:30:18,810 INFO [cc.coopersoft.keycloak.phone.providers.rest.TokenCodeResource] (executor-thread-16) Requested authentication code to xxxx
2023-04-04 10:30:18,817 INFO [cc.coopersoft.keycloak.phone.providers.spi.impl.DefaultPhoneProvider] (executor-thread-16) send code to:xxxx
2023-04-04 10:30:18,829 INFO [cc.coopersoft.keycloak.phone.providers.sender.DummySmsSenderService] (executor-thread-16) To: xxxx >>> [null] - authentication code: 826506, expires: 1 minute
2023-04-04 10:30:18,830 INFO [cc.coopersoft.keycloak.phone.providers.spi.impl.DefaultPhoneProvider] (executor-thread-16) Sent authentication code to xxxx over dummy

But then the login token request returns "Invalid user credentials", both with the login Authentication direct grant and the Authentication everybody by phone direct grant:
curl -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'grant_type=password&client_id=fast&client_secret=xMjKhx6CgSBaeh2AUtfBxBCGf84iq3Oy&phone_number=xxxxx&code=826506' \
  "${ip:port}/realms/buyer/protocol/openid-connect/token"
{"error":"invalid_grant","error_description":"Invalid user credentials"}

The Keycloak server logs are:
2023-04-04 10:30:38,312 WARN [org.keycloak.events] (executor-thread-17) type=LOGIN_ERROR, realmId=dcde21b9-b011-4ed3-8c2b-e2698eef05ad, clientId=fast, userId=null, ipAddress=xxx, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, authSessionParentId=19ca89e4-a5dd-4d53-8d42-b271771da144, authSessionTabId=AYy-vXoe8nM

I have tried many times, but still can't get the AT. If anyone has an idea, please reply to me. Thanks very much!

about the sms config

when using docker, how to set

  • sms platform
  • sms key
  • sms sign
  • sms template
  • or something else about sms

Keycloak server issue

I got the following server error in the Keycloak server. Can you check?
"2023-07-03 12:01:25,923 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-3) Uncaught server error: javax.persistence.NonUniqueResultException: query did not return a unique result: 2"

Can't register user, SMS provider not set

I'm trying to use a Twilio account and start Keycloak with this configuration

version: '3'
services:


  database:
    image: mariadb:latest
#    restart: always
    ports:
      - "3306:3306"
#    volumes:
#      - "/home/data/db:/var/lib/mysql"
    environment:
      MYSQL_ROOT_PASSWORD: p0stgr@s
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: k@ycl0ck
      TZ: Asia/Shanghai

  keycloak:
    image: coopersoft/keycloak:21.0.1_phone-2.2.2
    #    restart: always
    ports:
      - 8080:8080
    command:
      - start-dev --spi-phone-message-service-default-service=dummy
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_HEALTH_ENABLED: true
      KC_PROXY: edge
      SMS_PROVIDER_SERVER: twilio
      SMS_TOKEN_EXPIRES: 180
      SMS_HOUR_MAXIMUM: 3
      TWILIO_ACCOUNT_ID: "A000000000000"
      TWILIO_AUTH_TOKEN:  "c91e000000080b5"
      TWILIO_SEND_PHONE_NUMBER: "00000000"
      DB_VENDOR: mariadb
      DB_ADDR: database
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: k@ycl0ck
      DB_PORT: 3306
    links:
      - database:database
    depends_on:
      - database

I create the flow, and when I try to send the code I can see this in the log:

not specify a message sender service provider! Default provider'dummy' will be used. you can use keycloak start param '--spi-phone-default-service' specify other one.

Can I use the environment variable like that? Do I have to do something more?

Setting relative path breaks login

Setting Keycloak's KC_HTTP_RELATIVE_PATH breaks the login flow. Apparently this is not included in the api endpoint, neither is it configurable. When clicking "Send code" this results in a silent failure.

Error type: INVALID_COUNTRY_CODE. Missing or invalid default region.

Hello,

I'm trying to send an SMS using "Direct grant everybody with phone"

/realms/master/sms/authentication-code?phoneNumber=+5534990001234

but I got

Error type: INVALID_COUNTRY_CODE. Missing or invalid default region.

What is the issue? Also, how can I disable validation for the phone?

docker tag suggestion

Like other images such as maven, I suggest a Docker tag like 1.0.0-11.0.3, where the main version is about the SMS providers and the meta part specifies the Keycloak version.

Error setting up SMS OTP

During the action “CONFIGURE_SMS_OTP” only get the following error:
Phone number not found

Looks to me like this error comes from here:

image

Looks to me like a bug because if I set up an SMS OTP I don't need a phone number as a user property, right?
I would like to fix that, but I do not get where tokenCodeType comes from.
If you provide me with a bit more information, I can provide a PR.

Verify Phone Action and use API

Hi,
everything is working perfectly, but I have a question: how will it be possible to update the telephone and send an email to validate this new phone?

Will it be possible to use the Keycloak API to do the register, login, etc.?

Can we add a security captcha function like recaptcha before sending SMS verification code?

Your project is truly amazing! This additional layer of security can help prevent automated bots or malicious programs from attempting to abuse the SMS verification system. By requiring users to complete a captcha before sending the SMS verification code, it can help ensure that the verification code is only being sent to legitimate users. At the same time, it can prevent illegal users from repeatedly requesting SMS verification codes, causing financial losses.

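For China, services such as VAPTCHA, Geetest and Tencent Cloud Captcha are also good options.
In addition, I verified that the Aliyun SMS verification code module runs correctly on Keycloak 21.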
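
Alongside a captcha, repeated code requests can be spotted in the server log. The sketch below is an added example, not code from this project or from the post above; it parses lines in the `TokenCodeResource` format quoted in an earlier issue on this page. The sample log, the thresholds and the 8-character prefix grouping are assumptions, as is the premise that every code type is logged with the same wording.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the "Requested <type> code to <number>" lines of TokenCodeResource.
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d{3}\s+INFO\s+"
    r"\[[\w.]*TokenCodeResource\]\s+\([^)]*\)\s+Requested (\w+) code to (\S+)$"
)


def _line(ts, number):
    """Build one constructed log line in the format shown on this page."""
    return (f"{ts},810 INFO  [cc.coopersoft.keycloak.phone.providers.rest."
            f"TokenCodeResource] (executor-thread-16) "
            f"Requested authentication code to {number}")


# Constructed sample: one number hammered 5 times, a range of 6 sequential
# numbers requested once each, and one ordinary request.
SAMPLE_LOG = "\n".join(
    [_line(f"2023-04-04 10:{m:02d}:18", "+15095550101") for m in (30, 31, 33, 36, 38)]
    + [_line(f"2023-04-04 11:{i:02d}:02", f"+8823420010{i}") for i in range(6)]
    + [_line("2023-04-04 12:15:40", "+15095550199"),
       "2023-04-04 12:15:41,001 INFO  [cc.coopersoft.keycloak.phone.providers."
       "spi.impl.DefaultPhoneProvider] (executor-thread-16) send code to:+15095550199"]
)


def find_bursts(log_text, per_target=3, per_prefix=5, prefix_len=8,
                window=timedelta(hours=1)):
    """Return sorted (kind, key) alerts for a sliding time window.

    "target": more than per_target requests for one number.
    "prefix": more than per_prefix distinct numbers sharing the same
              leading prefix_len characters (sequential-range requests).
    """
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(3)))
    events.sort()

    recent = defaultdict(list)  # (kind, key) -> [(timestamp, number), ...]
    alerts = set()
    for ts, number in events:
        for kind, key, limit in (("target", number, per_target),
                                 ("prefix", number[:prefix_len], per_prefix)):
            q = recent[(kind, key)]
            q.append((ts, number))
            while ts - q[0][0] > window:  # drop entries older than the window
                q.pop(0)
            seen = len(q) if kind == "target" else len({n for _, n in q})
            if seen > limit:
                alerts.add((kind, key))
    return sorted(alerts)


if __name__ == "__main__":
    for kind, key in find_bursts(SAMPLE_LOG):
        print(kind, key)
```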

Need mechanism to restrict phone numbers.

Hi @cooperlyt ,

I see that the --spi-phone-default-number-regx option was removed. I would still like to be able to use that feature in addition to --spi-phone-default-canonicalize-phone-numbers=true, because of SMS + shady telco issue:
https://news.ycombinator.com/item?id=34847650

Basically, folks can scam your SMS service and rack up SMS costs with AWS or twilio or whomever. If you have a regex, then at least you can restrict telephone numbers some. I was going to use the --spi-phone-default-number-regx to restrict numbers to something like ^\+1 509 \d{3}-\d{4}$, which would be cell numbers in a particular region of the USA.
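
Because version 2.3.1 matches the regex after canonicalization, an allowlist pattern has to be written against the canonical form rather than the display form. The sketch below is an added example, not the project's code: it assumes the canonical form is E.164, uses a simplified normaliser as a stand-in for libphonenumber, and runs on constructed sample numbers.

```python
import re

# Assumption: canonical form is E.164 ("+" followed by 8 to 15 digits).
DEFAULT_CALLING_CODE = "1"  # assumed default region for numbers without "+"

# Pattern in display format, as written in the issue above.
ISSUE_PATTERN = r"^\+1 509 \d{3}-\d{4}$"
# The same restriction expressed against the assumed E.164 canonical form.
CANONICAL_PATTERN = r"^\+1509\d{7}$"


def canonicalize(raw, default_cc=DEFAULT_CALLING_CODE):
    """Simplified E.164 normaliser (stand-in for libphonenumber).

    Returns the canonical string, or None when the input contains anything
    other than digits and common separators or has an implausible length.
    """
    s = raw.strip()
    if s.startswith("00"):            # international prefix written as 00
        s = "+" + s[2:]
    has_plus = s.startswith("+")
    if re.search(r"[^\d\s().+-]", s) or "+" in s[1:]:
        return None                   # letters, extensions, stray "+" signs
    digits = re.sub(r"\D", "", s)
    if not has_plus:
        # Treat the input as a national number of the default region.
        digits = default_cc + digits
    if not 8 <= len(digits) <= 15:
        return None
    return "+" + digits


def is_allowed(raw, pattern):
    """Canonicalize first, then require a full match against the allowlist."""
    canonical = canonicalize(raw)
    return canonical is not None and re.fullmatch(pattern, canonical) is not None


# Constructed sample inputs (555-01xx numbers are reserved for fiction).
SAMPLES = [
    "+1 509 555-0123",      # in the allowed area code, display format
    "(509) 555-0123",       # national format, default region applied
    "001 509 555 0123",     # 00 international prefix
    "+1 900 555 0123",      # premium-rate area code, must be rejected
    "+882 3420 0123",       # outside the allowed country code
    "+1 509 555-0123x9",    # trailing junk, must be rejected
]


def audit(samples=SAMPLES):
    """Return (raw, canonical, allowed_by_issue_pattern, allowed_by_canonical)."""
    return [(s, canonicalize(s),
             is_allowed(s, ISSUE_PATTERN),
             is_allowed(s, CANONICAL_PATTERN)) for s in samples]


if __name__ == "__main__":
    for row in audit():
        print(row)
```

Under these assumptions the display-format pattern accepts none of the samples, because the spaces and hyphen it expects are gone by the time the match runs.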

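Question about registering a custom SPI with Keycloak

Hello, I'd like to ask: our custom SPI, for example org.keycloak.phone.providers.spi.TokenCodeServiceSpi, is not injected into Keycloak. That is, in the getTokenCode method of TokenCodeResource, session.getProvider(PhoneMessageServiceProvider.class) always returns null. What is the cause, and is there a solution?
When deploying, I simply use docker cp to copy the package into /opt/jboss/keycloak/standalone/deployments.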

Thanks, but my Docker Keycloak does not find the custom SPI

Hello,
my Keycloak runs in Docker, and the self-defined SPIs are not found.

org.keycloak.phone.providers.spi.TokenCodeServiceSpi
org.keycloak.phone.providers.spi.PhoneMessageServiceSpi
org.keycloak.phone.providers.spi.MessageSenderServiceSpi

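Extending Keycloak's SPI works, but my own SPI is not found.

A JPA problem

Hello, when deploying, after building our phone-provider into the Docker image, this problem appears when the container starts. It is JPA-related; it feels like the JPA in Keycloak is not being picked up by our module.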

10:06:53,598 WARN  [org.jboss.modules.define] (ServerService Thread Pool -- 60) Failed to define class org.keycloak.phone.providers.jpa.TokenCodeJpaEntityProviderFactory in Module "keycloak-phone-provider" from local module loader @45312be2 (finder: local module finder @7fb95505 (roots: /opt/jboss/keycloak/modules,/opt/jboss/keycloak/modules/system/layers/keycloak,/opt/jboss/keycloak/modules/system/layers/base)): java.lang.NoClassDefFoundError: Failed to link org/keycloak/phone/providers/jpa/TokenCodeJpaEntityProviderFactory (Module "keycloak-phone-provider" from local module loader @45312be2 (finder: local module finder @7fb95505 (roots: /opt/jboss/keycloak/modules,/opt/jboss/keycloak/modules/system/layers/keycloak,/opt/jboss/keycloak/modules/system/layers/base))): org/keycloak/connections/jpa/entityprovider/JpaEntityProviderFactory
        at java.base/java.lang.ClassLoader.defineClass1(Native Method)
        at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017)
        at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:423)
        at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:555)
        at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
        at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
        at org.jboss.modules.Module.loadModuleClass(Module.java:731)
        at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
        at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
        at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
        at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
        at java.base/java.lang.Class.forName0(Native Method)
        at java.base/java.lang.Class.forName(Class.java:398)
        at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1209)
        at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1220)
        at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1264)
        at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1299)
        at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1384)
        at [email protected]//org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:60)

Login with either Phone/Otp or Username/Password in Direct Grant

My need is to log in a user with either direct grant with phone or direct grant with username and password validation. I tried using both subflows in a new flow and using both flows as Alternative to each other, but I can only log in through the one method which is first in the flow. I need a custom condition in which, if the user gives a phone number as a credential, he can use the direct grant with phone flow; otherwise, if the user provides a username, the username and password validation flow should execute.

Register with phone number is not working

Hi,
registering with a phone number does not work; it just shows the same form on clicking submit. However, if I set the email as username it does work! Tested on Keycloak 19.0.0, 19.0.1, 19.0.3.

Please help with setup: funds available

I need to get this working, especially the authentication part. I am having troubles doing the setup properly. Happy to support financially if you could spend a few hours guiding me through the process.

SMS OTP can't be configured over Account Console

Firstly, thanks for the amazing Keycloak extension. I installed your extension and configured it as a 2FA option and this works.
Now I want to give users the ability to add or remove the 2FA credential with the type SMS in the Account Console. (See screenshot)

image

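Would it be possible to achieve that? I noticed that there is also an account theme (here), but I cannot use that in the realm settings.

Are there plans to support newer versions?

I am using Keycloak 15.0.2. After changing the version number in pom.xml and making some simple compatibility adjustments, I ran the script in a local container following the steps in the Dockerfile. An excerpt of the output follows: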

17:32:12,455 INFO  [org.jboss.as] (MSC service thread 1-8) WFLYSRV0050: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) stopped in 33ms
17:32:12,464 INFO  [org.jboss.modules] (CLI command executor) JBoss Modules version 1.11.0.Final
17:32:12,478 INFO  [org.jboss.as] (MSC service thread 2-4) WFLYSRV0049: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) starting
17:32:12,479 DEBUG [org.jboss.as.config] (MSC service thread 2-4) Configured system properties:
17:32:12,483 DEBUG [org.jboss.as.config] (MSC service thread 2-4) VM Arguments: --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED -Djboss.modules.system.pkgs=com.sun.java.swing -Dcom.ibm.jsse2.overrideDefaultTLS=true -Dlogging.configuration=file:/opt/jboss/keycloak/bin/jboss-cli-logging.properties
17:32:12,500 INFO  [org.jboss.vfs] (MSC service thread 2-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
17:32:12,603 INFO  [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 12) WFLYCTL0033: Extension 'security' is deprecated and may not be supported in future versions
17:32:12,630 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
17:32:12,665 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
17:32:12,708 INFO  [org.jboss.as.patching] (MSC service thread 2-3) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
17:32:12,715 WARN  [org.jboss.as.domain.management.security] (MSC service thread 2-4) WFLYDM0111: Keystore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
17:32:12,726 WARN  [org.wildfly.extension.elytron] (MSC service thread 2-6) WFLYELY00023: KeyStore file '/opt/jboss/keycloak/standalone/configuration/application.keystore' does not exist. Used blank.
17:32:12,734 WARN  [org.wildfly.extension.elytron] (MSC service thread 2-3) WFLYELY01084: KeyStore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
17:32:12,766 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
17:32:12,769 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 303ms - Started 59 of 82 services (32 services are lazy, passive or on-demand)
The batch executed successfully

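It looks successful, but I could not find the related options under executions.
keycloak-phone-provider.resources.jar is also in the deployed state.

image

What could be causing this, and is there a good way to solve it? 😭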

Mobile number with Password custom Provider in Keycloak 19 - mod Security blocks the form and clears from authentication tab

Hi All,

I implemented a mobile number authentication form flow in Keycloak and it was working fine. After enabling mod security in the Apache server, the custom form flow got removed automatically from the realm; no logs were written during the removal of the phone password form inside the authentication tab at the realm level.

@cooperlyt can you please help in this regard to resolve the mod security issue with the Keycloak mobile custom provider?

Help needed from you.. #HelpRequired

login phone is fail

After configuring the login phone, an error is reported when accessing the login page.
keycloak version 19.0.1

Add and verify phone number for existing email user

I have Keycloak (Quarkus) up and running in production with thousands of users registered via email.
The email is being verified and used as username.
All users can login via email address.

My question is:

How can I use this SPI to trigger a screen for the user to add and verify his phone number as a secondary identifier or without touching his email address?
