Learn how to enable password change for censhare Web and censhare Client via Keycloak.

Prerequisites

This article is valid as of censhare 2021.2.0.


censhare WP and Keycloak have been configured appropriately. For example, routes to the censhare Server. 

Introduction

Users must manage password changes via the Keycloak Account Management. The clients call a fixed URL as follows:

http(s)://gw-host:gw-port/censhare5/client/change-password
CODE
  • gw-host - hostname of the Cloud Gateway that is used by the client
  • gw-port - port of the Cloud Gateway that is used by the client

Enable password change for censhare Web

You must configure the redirect from the Change password menu item in censhare Web using the required Keycloak URL. 

Configure a rule in Cloud Gateway that maps the URL to the Keycloak Account Management page. Add an entry similar to this:

spring.cloud.gateway.routes:
        - id: censhare5_change_password_redirect
          uri: http://localhost:8080
          predicates:
            - Path=/censhare5/client/change-password
          filters:
            - SetPath=/auth/realms/censhare/account
YML

Adjust http://localhost:8080/ with the correct hostname and port of your Keycloak server.

Enable password change for censhare Client

  1. On the censhare Server, open the Client Preferences file. It is usually located in the censhare-Custom directory:

    $stringEscapeUtils.escapeHtml($body)
    TEXT

  2. Add the URL to reach the Keycloak Account Management page:
     

    <authentication change-password-url-pattern="{authServerBaseUrl}/realms/{realm}/account"/>
    TEXT

If censhare WP and Keycloak are set up correctly, the placeholders are replaced by the corresponding values.
 Alternatively, you can define the complete URL to the Keycloak Account page directly or define the same URL as used by censhare Web, as described above.

Define password rules

Password rules must be defined in Keycloak and no longer in the censhare Admin Client. Keycloak has a rich set of password policies that you can enable.

For more information, see the Keycloak Password Policies

Result

Users of censhare Web and censhare Client are now enabled to change their password via Keycloak when they select the Change password menu item.