Keycloak tip: disabling the review profile step when using Twitter, Microsoft, Gmail… as an identity provider

Monday, 07 Oct 2024

If you use login through identity providers in Keycloak, you may have run into a small annoyance when a user signs in for the first time: the “Update Account” review profile form appears, containing the username, last name, etc. In this post, we would like to share how we were able to work around this issue through configuration.

Background:

By default, the review profile is a required step of the first broker login flow, which is triggered whenever authentication is done through an identity provider.

The review profile step is meant to prompt the user about a missing required profile property (usually first name or last name) that could not be obtained from the identity provider. Additionally, the review profile can be configured to trigger in all cases, regardless of whether the user info is obtained or not, by setting the authenticator configuration option to on instead of missing, or not to be triggered at all by setting the option to off.

The particularity of Twitter, compared to other providers, is that there is no first/last name in the user info, just a single name.

While processing the user info received from Twitter, Keycloak assumes that the name is composed of a first name and a last name separated by a space (the processing logic can be found here). Accordingly, if the name on the Twitter account used for logging in does not contain a space (quite common on Twitter), the last name would be empty and this will automatically trigger the review profile form (if the default settings are kept).

This means that the user will have to go through an additional step, which hurts the UX a bit and also defeats the main goal behind using an identity provider: skipping the register form.

In the next sections, we would like to share a couple of solutions that can help work around this little needling gotcha.

Solution 1: setting “Update Profile on First Login” to off or disabling the review profile step

This solution is dead simple. In the Authentication flows setup, open the first broker login flow configuration, where you can find a special authenticator configuration for the Review Profile step.

After clicking on the settings icon, you will get a modal containing the “Update Profile on First Login” option.

You can simply set the value to off, and voilà!

It’s also possible to disable the whole review profile step by setting its value to disabled.

Solution 2: disabling last name validation using user profiles

This solution requires the activation of a preview feature called declarative user profile (more details about Keycloak features and how to enable them can be found in the official docs). Because the declarative user profile is still a preview feature, and thus not recommended for production use, this solution is just for information purposes. To enable the declarative user profile feature:

  • set the Keycloak flag (either --features=declarative-user-profile or -Dkeycloak.profile.feature.declarative_user_profile=enabled in older versions)
  • toggle User Profile Enabled on in the General realm config

After enabling the feature, you will see a new menu for the user profile appear in the Keycloak admin.

By clicking on lastName and setting the value of required to false, we are telling Keycloak that the last name of a user is not required, and thus the registration of a new user should go through without a last name. This would apply to registering a user through an IdP as well.
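
A small model of the behaviour described above, added here as an illustration (it is not Keycloak's code or the original author's): it shows which display names trigger the review form under the on/missing/off settings, and what changes once lastName is no longer required. The function names, the sample names and the choice to split on the last space are assumptions.

```python
# Added illustration: a simplified model of the behaviour described in this
# post. It is not Keycloak source code; all names here are hypothetical.

def split_display_name(name):
    """Split a provider 'name' into (first, last).

    Assumption: the split happens at the last space. A name without a space
    leaves the last name empty, which is the Twitter case from the post.
    """
    first, sep, last = name.strip().rpartition(" ")
    return (first, last) if sep else (last, "")


def review_profile_shown(name, mode="missing", required=("firstName", "lastName")):
    """Return True when the first broker login would show the review form.

    mode     -- 'on', 'missing' or 'off' ("Update Profile on First Login")
    required -- attributes marked required (Solution 2 drops lastName)
    """
    if mode == "off":
        return False
    if mode == "on":
        return True
    if mode != "missing":
        raise ValueError("mode must be 'on', 'missing' or 'off'")
    first, last = split_display_name(name)
    profile = {"firstName": first, "lastName": last}
    # 'missing': prompt only if a required attribute came back empty.
    return any(not profile.get(attr) for attr in required)


# Constructed sample display names, not taken from any real account.
SAMPLE_NAMES = ["Ada Lovelace", "singleword_handle", "Three Part Name"]


def report(names=SAMPLE_NAMES):
    """Rows of (name, default 'missing', Solution 1 'off', Solution 2)."""
    return [
        (n,
         review_profile_shown(n),
         review_profile_shown(n, mode="off"),
         review_profile_shown(n, required=("firstName",)))
        for n in names
    ]


if __name__ == "__main__":
    for row in report():
        print(row)
```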

References

For further details, check out the discussion in the following pull request:

https://github.com/keycloak/keycloak/pull/12923

https://www.imager200.io/blog/keycloak-circumventing-review-profile-with-twitter
