27 lines
1.4 KiB
XML
27 lines
1.4 KiB
XML
|
<chapter id="recaptcha">
|
||
|
|
<title>Recaptcha Support on Registration</title>
|
||
|
|
|
||
|
|
<para>
|
||
|
|
To safeguard registration against bots, Keycloak has integration with Google Recaptcha. To enable this you
|
||
|
|
need to first go to <ulink url="https://developers.google.com/recaptcha/">Google Recaptcha</ulink>
|
||
|
|
and create an API key so that you can get your recaptcha site key and secret. (FYI, localhost works by default
|
||
|
|
so you don't have to specify a domain).
|
||
|
|
</para>
|
||
|
|
<para>Next, go to the Keycloak Admin Console. Go to
|
||
|
|
Authentication->Flows page. Select the 'registration' flow. Set the 'Recaptcha' requirement to 'Required'. Click
|
||
|
|
on the 'Configure' button and enter in the Recaptcha site key and secret.
|
||
|
|
</para>
|
||
|
|
<para>
|
||
|
|
Finally, you have to change Keycloak's default security headers. In the Admin Console, go to Settings->Security Defenses
|
||
|
|
of your realm. Add a space and <literal>https://www.google.com</literal> to the values of both the <literal>X-Frame-Options</literal>
|
||
|
|
and <literal>Content-Security-Policy</literal> headers. i.e.
|
||
|
|
<programlisting>
|
||
|
|
frame-src 'self' https://www.google.com
|
||
|
|
</programlisting>
|
||
|
|
</para>
|
||
|
|
<para>
|
||
|
|
That's it! You may want to edit register.ftl in your login theme to muck around with the placement and styling
|
||
|
|
of the recaptcha button. Up to you.
|
||
|
|
</para>
|
||
|
|
</chapter>
|