Keycloak login form

Hi, my use case is to update the Keycloak login form to encode the user password to base64 before submitting the form. How can I read the form data on the Keycloak server side and decode it? Thanks in advance.

Are you using this for a custom login flow?
I’m looking to see what kind of use case you have for encoding it.

Yes, our security appliance is blocking access with special characters. One of our solutions is to encode the login data (username & password).

You would need to build custom authenticators for all of the steps that receive the password and use those instead of the defaults.

keycloak/services/src/main/java/org/keycloak/authentication/authenticators/browser/UsernamePasswordForm.java at main · keycloak/keycloak · GitHub

However, this calls into question why you would want to do that. Make sure you’re using SSL, and there’s no additional security you get from base64 encoding.

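A sketch of the custom authenticator suggested above, added here as an example; it is not code from the thread or from the Keycloak project. It assumes a Keycloak version on the `jakarta.ws.rs` namespace and a customised login page that sends the UTF-8 bytes of each field in standard Base64; the package, class names and provider id are hypothetical.

```java
package com.example.keycloak; // hypothetical package name

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;

import jakarta.ws.rs.core.MultivaluedHashMap;
import jakarta.ws.rs.core.MultivaluedMap;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory;
import org.keycloak.models.KeycloakSession;

/** Decodes Base64 form fields, then hands over to the stock username/password checks. */
public class Base64UsernamePasswordForm extends UsernamePasswordForm {

    // Assumption: the customised login page Base64-encodes exactly these fields.
    private static final List<String> ENCODED_FIELDS = List.of("username", "password");

    @Override
    protected boolean validateForm(AuthenticationFlowContext context,
                                   MultivaluedMap<String, String> formData) {
        // Work on a copy: the request's parameter map may be read-only.
        MultivaluedMap<String, String> decoded = new MultivaluedHashMap<>(formData);
        for (String field : ENCODED_FIELDS) {
            String value = decoded.getFirst(field);
            if (value == null) continue;
            try {
                byte[] raw = Base64.getDecoder().decode(value);
                decoded.putSingle(field, new String(raw, StandardCharsets.UTF_8));
            } catch (IllegalArgumentException notBase64) {
                // Malformed input: drop the field so the stock validation
                // rejects the attempt instead of testing the raw value.
                decoded.remove(field);
            }
        }
        return super.validateForm(context, decoded);
    }

    /** Factory that makes the authenticator selectable in a browser flow. */
    public static class Factory extends UsernamePasswordFormFactory {
        @Override public String getId() { return "base64-username-password-form"; }
        @Override public String getDisplayType() { return "Username Password Form (Base64)"; }
        @Override public Authenticator create(KeycloakSession session) {
            return new Base64UsernamePasswordForm();
        }
    }
}
```

To load it, list `com.example.keycloak.Base64UsernamePasswordForm$Factory` in `META-INF/services/org.keycloak.authentication.AuthenticatorFactory` inside the provider JAR, then use the new execution in a copy of the browser flow in place of the default Username Password Form.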

As @xgp suggested, building custom authenticators is the best solution.

However, I’m curious to know the setup you have. Is your security application integrated with Keycloak? Generally Keycloak takes care of the login flow end to end, and once successfully authenticated you can be redirected to the frontend, provided the frontend has implemented the required Keycloak SDK to pick up the login.


Thanks @thebrijpatel and @xgp, mine is similar to this one, “Generated values for tab_id and session_code are blocked by AWS WAF” (Getting advice - Keycloak), but in the user password. If there’s any special character like “#”, it gets blocked.