Preventing user from modifying their name in Keycloak - keycloak

In Keycloak, by default, users are able to change their first and last name in the account manager page. However, is it possible to disable this behavior?
Removing both fields in the theme results in those values not being sent and the form failing, and a hand-crafted POST request would defeat this method anyway.

I came across a similar problem and, after reading this SO post, came to know that although you can disable/hide fields in ftl, you cannot disable form validation.
E.g. I hid the firstname field, but still cannot submit. The result was the same with disable as well:
I am not aware of another way to disable a particular field. However, there is a workaround in which you can disable the entire account modification flow (the password can still be changed by the Forgot Password option).
By default, account modification is enabled, but you can disable it for a particular realm by going to Realms -> Clients -> Account.
The result of this will be that the account page is inaccessible:

You can remove the client role 'manage_account' for client 'account'.

In Keycloak, by default, users are able to change their first and last
name in the account manager page. Is it possible to disable this
behavior?
That can be done out-of-the-box (since Keycloak 14) by using the user profile functionality. First, the preview feature declarative-user-profile has to be enabled. For that, start the server with:
--features=declarative-user-profile
for the Quarkus version, or with
-Dkeycloak.profile.feature.declarative_user_profile=enabled
for the Wildfly version.
Bear in mind that:
Declarative User Profile is Technology Preview and is not fully
supported.
After starting the server with the aforementioned option, go to the Keycloak Admin Console and:
Go to the according Realm;
Go to the tab General;
Set User Profile enabled to ON
A new tab named User Profile (top right) will show up; click on it, and a set of configurable attributes will be shown.
Click on firstName, and then go to Permissions
In that section the permissions can be changed, accordingly. For example, if one sets Can user edit? to OFF, then when the user tries to change the firstName field in the account UI, that UI throws the following warning message:
The field First name is read only.
The same configuration can also be applied to the lastName attribute.
For the new Keycloak UI the workflow is exactly the same as the one I have just described. More information about the feature can be found in the official Keycloak documentation (link).
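A check on the result of the steps above, as an added example that is not part of the original answer or of Keycloak: given the realm's user profile configuration as JSON, it reports which attributes that are meant to be locked can still be edited by the user. The JSON layout (attributes[].permissions.edit listing the roles admin and user), the sample data and the function name user_editable are assumptions.

```python
import json

# Constructed sample in the shape used by the JSON editor of the realm's
# User Profile tab (assumed layout: attributes[].permissions.view/edit).
SAMPLE_PROFILE = json.loads("""
{
  "attributes": [
    {"name": "username",
     "permissions": {"view": ["admin", "user"], "edit": ["admin", "user"]}},
    {"name": "email",
     "permissions": {"view": ["admin", "user"], "edit": ["admin", "user"]}},
    {"name": "firstName",
     "permissions": {"view": ["admin", "user"], "edit": ["admin"]}},
    {"name": "lastName",
     "permissions": {"view": ["admin", "user"], "edit": ["admin", "user"]}},
    {"name": "department"}
  ]
}
""")


def user_editable(profile, must_be_locked):
    """Return {attribute: reason} for attributes the end user can still change.

    An attribute counts as locked only when it is declared and its edit
    permission list is present and does not contain the "user" role.
    """
    declared = {a.get("name"): a for a in profile.get("attributes", [])}
    findings = {}
    for name in must_be_locked:
        attr = declared.get(name)
        if attr is None:
            findings[name] = "not declared in the profile"
            continue
        edit = (attr.get("permissions") or {}).get("edit")
        if edit is None:
            # Assumption: no explicit edit list is treated as not locked.
            findings[name] = "no explicit edit permission"
        elif "user" in edit:
            findings[name] = "edit permission includes 'user'"
    return findings


if __name__ == "__main__":
    for attr, reason in user_editable(
            SAMPLE_PROFILE, ["firstName", "lastName", "department"]).items():
        print(f"{attr}: {reason}")
```

Because the permission is evaluated by the server, this setting also covers the hand-crafted POST request mentioned in the question, which hiding or disabling the field in the theme does not.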

You can use the readonly property to disable email; you can just change the following line:
<input type="text" class="form-control" id="email" name="email" readonly autofocus value="${(account.email!'')}"/>

Related

Where else can I find alternate login URL aside from $CFG->alternateloginurl

I'm currently troubleshooting a login issue for a deployed Moodle. The login page uses an alternate page which I have managed to identify. The alternate page considers everything except successful login as invalid or expired login or password.
Since some correct logins and passwords are also getting the same issue, I am trying to restore the Moodle instance to use its default login page, but did not find any $CFG->alternateloginurl configuration set in moodle.php. Kindly please provide any pointers you can think of on where to look next to restore the login page.
PS: I've also searched within the active theme, and there have not been any code changes. It uses a variant of Moove.
Thank you
Rest assured that it's a common issue
https://docs.moodle.org/401/en/Managing_authentication#Alternate_login_URL
There is an entry in the database
SELECT *
FROM mdl_config
WHERE name = 'alternateloginurl';
Note the value, just in case, then blank it out
UPDATE mdl_config
SET value = ''
WHERE name = 'alternateloginurl';
Then purge the cache to update Moodle
php admin/cli/purge_caches.php
When you do manage to log in, check which other authentication methods are active via
Site administration > Plugins > Authentication > Manage authentication
https://docs.moodle.org/401/en/Managing_authentication
The default methods are manual and email self registration
Although self registration is disabled by default in the settings on the same page (registerauth)

Keycloak registration throws HTTP 500 for duplicate email

I know there's an earlier question with this subject here, but the OP never reported if the one answer resolved the issue. And since "Internal Server Error" is about as user-unfriendly as you can get, I would love to change this to something that feels more like "a message" than "an anvil dropped on your foot".
I have found one other SO post that tangentially relates to this issue (about that disappearing "duplicate emails" switch), but the problem is indeed not about whether or not to allow duplicate emails (or how to revive hidden admin controls) but how a very ordinary issue is communicated to the user - well, like how Keycloak notifies the user when they try and register with an existing username.
We're currently using the Docker version of Keycloak 12.0.4 with some customisations (a custom BCrypt module, some logging changes) running in IBM Cloud, using a Postgresql DB. We also added a custom theme & internationalisation. The same error occurs also when using the default Keycloak theme, though.
Here are our Login settings:
It turned out to be a configuration issue, but so deeply hidden that even the Keycloak developer who looked into the ticket I created had glossed over it.
The perpetrator was in menu Configure > Authentication > tab: Flows > choose dropdown: Registration > Profile validation radio button [o REQUIRED | o DISABLED]
This was set to disabled, which in effect prevents the duplicate email check in the registration form that the Realm settings > tab: Login form suggest is active. But then, of course, the database won't like that, with the above-mentioned result.
This combination of settings should at least issue a warning, of course. I hope this will be corrected.

Creating public action does not add to sequence

I am a new user following this tutorial provided by IBM.
I am up to this step:
For Cloudant Instance, select Input your own credentials and fill in the following fields with the credentials information captured for your cloudant service: Username, Password, Host and Database = guestbook and click Add and then Save.
After following the instruction to 'Add', I am returned to the sequence view (with the list of actions representing the sequence I'm working on).
Expected: The newly created public action w/ binding should appear in the list.
Instead: The newly created public action is not in the list. There is no evidence of it having been created at all. There is no option to 'save'.
Am I doing something wrong? This seems like an enormous bug.
Attempted solutions (unsuccessful):
Log out and back in.
Create new Cloudant service credentials.
Enter service credentials manually vs via dropdown.
Create action in a named package rather than default package.
Create new Cloudant service credentials, selecting a specific service ID.
PS
Attempted to create support ticket but needed to upgrade account by adding credit card. Filled in card information. Card rejected: "Error: Could not place order. Unable to verify the credit card. Declined due to Risk management". I use this card successfully all the time.
In the actions UI, I selected a sequence, added an action to the sequence, 'reset' the sequence to discard changes, began to add yet another action, cancelled that new action, returned to the sequence view, and the previously created action that I had discarded was there. I.e. it seems like some backend / database propagation issues on IBM's end?
The steps have been updated in https://cloud.ibm.com/docs/tutorials?topic=solution-tutorials-serverless-api-webapp#sequence-of-actions-to-save-the-guestbook-entry.
To create the new Cloudant binding:
Set Name to binding-for-guestbook.
Set Instance to Input your own credentials.
Set Username, Password, Host and IAM API Key from the values found in the Cloudant credentials for-guestbook created earlier.
Set Database to guestbook.
Set whiskoverwriteLabel to true.
Save

Install4j - advance form component's customization won't apply while on upgrade

In our installer we have multiple form components in which we hide some inner options in case the user has chosen a specific option.
For example: In this screen - these are the default displayed options.
If the user chooses a different Authentication than the default SQL Server Authentication (Windows Authentication), then the installer hides the User Name & Password fields.
The problem happens on upgrade. If the user previously chose the Windows Authentication option, the displayed screen will be like this:
It's not good, because while connecting with Windows Authentication the User Name & Password inputs shouldn't be presented.
The Authentication input is defined as Combo-Box & have the Selection change script property like this:
if (selectedItem.equals("Windows Authentication")) {
((JTextField)formEnvironment.getFormComponentById("1418").getConfigurationObject()).setText("");
}
formEnvironment.getFormComponentById("1418").setVisible(!selectedItem.equals("Windows Authentication"));
formEnvironment.getFormComponentById("1677").setVisible(!selectedItem.equals("Windows Authentication"));
Basically, I do understand why it won't work on upgrade: since it works by a selection trigger, it won't be applied by default by the installer.
Is there any way of applying this logic also upon upgrade?
You have to execute the same logic in the "Visibility script" properties of the "User name" and "Password" form components. You don't have the "selectedItem" parameter there, but you can query the variable that is bound to the "Authentication" form component, i.e. context.getVariable("variableName").

Turn editing On button is showing in course page to authenticated users

The Turn editing On button is showing on the course page to authenticated users in Moodle.
I have tried editing the authenticated users' permissions, but it is still there.
Seems like some permissions are overriding, but I can't set it to default.
In the reports setting, the capability block is showing the following line:
moodle/course:update: Update course settings
I was struggling for 2 days with this issue and finally found a solution. This might help someone in the future.
Actually, the scenario is that every guest and logged-in user has the same rights as "Authenticated user" in Moodle (version 3.0).
The issue was that the authenticated user had the right to edit the course. There was no permission assigned to the authenticated user except the following:
block/community:myaddinstance
block/course_list:myaddinstance
block/course_overview:myaddinstance
Add a new random glossary entry block to Dashboard
block/html:myaddinstance
block/navigation:myaddinstance
block/news_items:myaddinstance
moodle/portfolio:export
moodle/user:manageownfiles
report/courseoverview:view
moodle/badges:earnbadge
moodle/calendar:manageownentries
moodle/comment:post
moodle/comment:view
moodle/course:sectionvisibility
moodle/course:viewhiddensections
moodle/rating:viewall
moodle/rating:viewany
block/online_users:viewlist
block/site_main_menu:addinstance
moodle/block:view
mod/folder:view
mod/imscp:view
mod/page:view
I turned the following permissions to Prohibit, and now the Turn editing On button is not showing to Authenticated Users. I still don't know which of the following worked for this issue, but anyone struggling with this issue can look over the complete list of permissions from this post.
moodle/comment:post
moodle/comment:view
moodle/course:sectionvisibility
moodle/course:viewhiddensections
moodle/rating:viewall
moodle/rating:viewany
block/online_users:viewlist
block/site_main_menu:addinstance