keycloak-scim/topics/recaptcha.adoc

25 lines
1.1 KiB
Text
Raw Normal View History

2016-04-18 15:15:25 +00:00
[[_recaptcha]]
= Recaptcha Support on Registration
To safeguard registration against bots, Keycloak has integration with Google Recaptcha.
To enable this you need to first go to https://developers.google.com/recaptcha/[Google Recaptcha] and create an API key so that you can get your recaptcha site key and secret.
(FYI, localhost works by default so you don't have to specify a domain).
Next, go to the Keycloak Admin Console.
Go to Authentication->Flows page.
Select the 'registration' flow.
Set the 'Recaptcha' requirement to 'Required'. Click on the 'Configure' button and enter in the Recaptcha site key and secret.
Finally, you have to change Keycloak's default security headers.
In the Admin Console, go to Settings->Security Defenses of your realm.
Add a space and `https://www.google.com` to the values of both the `X-Frame-Options` and `Content-Security-Policy` headers.
i.e.
[source]
----
frame-src 'self' https://www.google.com
----
That's it! You may want to edit register.ftl in your login theme to muck around with the placement and styling of the recaptcha button.
Up to you.