xgp
commented
4 months ago Did you enable the invitation required action? It must be enabled in the admin UI in Authentication->Required Actions.
Closed akamishima99 closed 4 months ago
xgp
commented
4 months ago Did you enable the invitation required action? It must be enabled in the admin UI in Authentication->Required Actions.
akamishima99
commented
4 months ago Yes, enable the setting as the following but can not accept the invitation.
xgp
commented
4 months ago Turn on DEBUG log level to see what is happening here: https://github.com/p2-inc/keycloak-orgs/blob/main/src/main/java/io/phasetwo/service/auth/invitation/InvitationRequiredAction.java#L28
lsmith77
commented
4 months ago I might be seeing the same issue. I have tried both enabling Invitation within the Required actions as well as customizing the browser flow to add Invitation.
However when a user registers nothing seems to be triggered, ie. the user is registered but is never asked to accept/reject invitations.
xgp
commented
4 months ago Can't repro. Please turn on DEBUG logging and see if that log message indicating the evaluateTriggers appears. I'll close this until I can get someone to send me logs and a way to reproduce. A comprehensive list of steps, or even a video would be great.
lsmith77
commented
4 months ago Is this the debug info you are looking for?
lab-keycloak-keycloak-1 | 2024-02-07 10:59:37,178 INFO [io.phasetwo.service.auth.invitation.InvitationRequiredAction] (executor-thread-129) InvitationRequiredAction.requiredActionChallenge called for realm example and user test10@example.com
lab-keycloak-keycloak-1 | 2024-02-07 10:59:37,178 INFO [io.phasetwo.service.auth.invitation.InvitationRequiredAction] (executor-thread-129) No challengeIt seems like it doesn't reach https://github.com/p2-inc/keycloak-orgs/blob/main/src/main/java/io/phasetwo/service/auth/invitation/InvitationRequiredAction.java#L33 but I am not seeing any errors.
Note test10@example.com is invited to an organization. Maybe the issue is that I am not configuring anywhere to which organization the user is attempting to register? Do I need to pass along some parameter for this? Or will it just look over all organizations to find any invitations?
lsmith77
commented
4 months ago OK I figured out the issue for me: https://github.com/p2-inc/keycloak-orgs/blob/b6838c3c95c3e92d901810faaa214d7abed38b75/src/main/java/io/phasetwo/service/auth/invitation/InvitationRequiredAction.java#L54
The email has to be verified in order to trigger the invitatins accept/reject screen.
Should I send a PR to update the docs?
xgp
commented
4 months ago @lsmith77 Thanks for reiterating that. I can see this isn't explicitly documented anywhere. It is a default to require that an email address be verified, as it would present a security issue to allow anyone who uses an email address to register to join an organization without verifying that the user is the owner of that email address. Because of that, it is assumed that you are using invitations in conjunction with setting Verify Email as a default Required Action.
I updated the readme to include that description: https://github.com/p2-inc/keycloak-orgs/commit/92ff45154645c76a90633468c6740f6434429209
I can not accept the invitation to Organization. The following, send the invitation mail with my application login url and receive the below mail and access the key cloak login window via the redirection by the my application. I can the login but not accept the user to a organization and can not get the organization information by my application.
How do I accept an invitation to my organization?