Open candlerb opened 2 years ago
Aha, I found it! Authentication > Required Actions > Register, Update Radius Password.
I'm happy to close this issue, although I think this requirement should be noted in the README.
I have a couple of minor comments about RADIUS password:
/realms/<realm>/account/
page that it has been set up, nor any option to change it (unless this is hidden by some other setting that I haven't found?)I note that at the moment, RADIUS password is not affected by password policy rules. This is how I want it, because I want to set an impossible policy like .{400}
to prevent people setting a Keycloak password on their account (forcing them to use IDP logins only). I hope this stays - or if password policy is set for RADIUS then a separate one is used.
Describe the bug
(Or this may be user error - can you enable "Discussions"?)
When I install keycloak-radius-plugin over Keycloak 17.0.0, I don't get the "Update RADIUS password" action under "Required User Actions"
To Reproduce I installed Keycloak 17.0.0 from scratch already (it's in
/opt/keycloak-17.0.0
, with a symlink from/opt/keycloak
), using the now-default Quarkus version.I unzipped the relevant parts of keycloak-radius-plugin over it. Note that
kc.sh build
appears to be necessary to pick up the radius plugin.I was then able to add a client name "radius", protocol "radius-protocol", and it responds to RADIUS requests. It works if I do simple Access-Request and I set the Keycloak password on an account:
However, I'm having difficulty setting the separate RADIUS password.
I set the realm admin console theme to "radius". However when I go to the Users > (username) > Details page, I do not see any option for "Update RADIUS password"
I restarted keycloak just to be sure.
There is also no RADIUS option under "Users > (username) > Credentials > Credential Reset"
Expected behavior The documentation shows a new option "Update Radius password" should be available:
Screenshots Inline above
Additional context My goal is to disallow users from setting a Keycloak password (using IDP links to login to Keycloak), and use the RADIUS password only for RADIUS authentication.
Warnings are generated by
kc.sh build
showing that the RADIUS modules are being picked up: