Open dcarlet opened 10 months ago
This gets fixed by https://github.com/mesutpiskin/keycloak-2fa-email-authenticator/pull/21. A rebase of that branch is needed, but from my tests it still works fine.
This issue may be solved more easily by including the templates as theme-resources in the JAR. https://www.keycloak.org/docs/latest/server_development/#_theme_resource
So, we recently were asked to add Email One Time Passcodes to our Keycloak. I was very happy to find this repository!
However, after several hours of testing/compiling/deploying/pulling hairs out, I've found that there seems to be an issue with how the plugin itself handles theme lookup.
We deploy Keycloak into Kubernetes using the bitnami container/helm chart. We're running 22.0.5. In order to add this awesome plugin, I:
Cloned this repository and built from master after updating the pom.xml to specify a new custom version (v0.4-KC22.0.5-custom) and updating the keycloak.version to 22.0.5 using OpenJDK 17 on RHEL 8.
a dockerfile to build a custom container:
I tried having the themes/ dir containing several things, and here are the results:
org.keycloak.keycloak-themes-22.0.5.jar
jar so that /opt/bitnami/keycloak/themes/ looks like:
However, testing revealed a consistent behavior:
Part of what I discovered is that the plugin seems to be expecting to use the template based on what the Realm Settings -> Themes -> Email Code Theme setting is set to. However, Keycloak uses this same setting for email verification. So if we change that setting to the email-code-theme, then Email OTP works, but Keycloak's email verification does not. If we set it to Base or Keycloak, then Email verification works, but Email OTP does not.
I tried looking at the Java source to figure out how to set the plugin to use a different theme but I couldn't figure it out (I haven't been a Java dev in like, 10 years, so forgive me XD). It seems to be set on this line but...clearly something isn't correct.