/
Identity Manager enhancements on Keycloak

Identity Manager enhancements on Keycloak

Owned by Francisco Javier López Acevedo
Last updated: 17/01/25
2 min read

Available since version 6.1.0-Warcraft

Introduction

As from version 6.0 of Onesait Platform Keycloak is the only Identity Manager, certain functionalities have been implemented in Keycloak that until now only existed in the basic Identity Manager:

  • New user registration.

  • Password reset.

  • Improved error display.

  • User lockout after several unsuccessful retries.

New user registration

Implemented new user registration via a registration form.

image-20250117-113429.png

By default this registration method is deactivated, so it will have to be activated by a user with the ‘administrator’ role.

When defining the characters that the user can use to define his password, it is possible to configure the required pattern with the environment variable ‘PASSWORD_PATTERN’, which by default is the following:

(?=^.{10,255}$)((?=.\\d)|(?=.\\W+))(?![.\\n])(?=.[A-Z])(?=.[a-z])(?=.[-@#!;_?¿$%^&+=.]).$

Password Reset

The functionality to reset the user's password via email has been implemented.

image-20250117-113840.png

Improvements to the error display

The display of errors related to the registration of new users has also been improved.

Examples are, when registering a new user, that the password and the password confirmation do not match:

Or if the user tries to register with an email address that already exists in the database:

User lockout after several unsuccessful retries

The functionality has been implemented to lock a user in case of reaching the maximum number of retries in the login.

This limit is configurable with the variable ‘MAX_FAILED_ATTEMPTS’ and by default it is 5.

A blocked user can be unblocked by a user with ‘administrator’ role.