keycloak-scim/server_admin/topics/users/proc-enabling-recaptcha-support.adoc

// Module included in the following assemblies:
//
// server_admin/topics/users.adoc

[id="proc-enabling-recaptcha-support_{context}"]
= Enabling reCAPTCHA Support

[role="_abstract"]
To safeguard registration against bots, {project_name} has integration with Google reCAPTCHA.

Once reCAPTCHA is enabled, you can edit `register.ftl` in your login theme to configure the placement and styling of the reCAPTCHA button on the registration page. 

.Procedure
. Navigate to the link:https://developers.google.com/recaptcha/[Google Recaptcha website].
. Create an API key to get your reCAPTCHA site key and secret. Note the reCAPTCHA site key and secret for future use in this procedure.
+
NOTE: The localhost works by default. You do not have to specify a domain.
+
. Navigate to the {project_name} admin console.
. Click *Authentication* in the left menu. 
. Click the *Flows* tab.  
. Select *Registration* from the drop down menu.
. Set the *reCAPTCHA* requirement to *Required* by clicking the appropriate radio button. This enables
reCAPTCHA.  
. Click *Actions* to the right of the reCAPTCHA flow entry.
. Click the *Config* link to redirect to the config page.
. Enter the reCAPTCHA site key generated from the Google reCAPTCHA website, on the config page. 
. Enter the secret generated from the Google reCAPTCHA website, on the config page.
. Authorize Google to use the registration page as an iframe.
+
NOTE: {project_name} prevents websites from including a login page dialog in an iframe. This restriction is to prevent clickjacking attacks. You need to change the default HTTP response headers that is set in {project_name}.
+
.. Click *Realm Settings* in the left menu. 
.. Click the *Security Defenses* tab.  
.. Enter `https://www.google.com` in the field for the *X-Frame-Options* header.
.. Enter `https://www.google.com` in the field for the *Content-Security-Policy* header.


[role="_additional-resources"]
.Additional resources
* For more information on extending and creating themes, see the link:{developerguide_link}[{developerguide_name}].
Clean Managing Users section (#37) * Clean Managing Users section * Update user.adoc * Update text * Update text 2020-11-05 17:31:15 +00:00			`// Module included in the following assemblies:`
			`//`
			`// server_admin/topics/users.adoc`

			`[id="proc-enabling-recaptcha-support_{context}"]`
			`= Enabling reCAPTCHA Support`

			`[role="_abstract"]`
			`To safeguard registration against bots, {project_name} has integration with Google reCAPTCHA.`

			Once reCAPTCHA is enabled, you can edit `register.ftl` in your login theme to configure the placement and styling of the reCAPTCHA button on the registration page.

			`.Procedure`
			`. Navigate to the link:https://developers.google.com/recaptcha/[Google Recaptcha website].`
			`. Create an API key to get your reCAPTCHA site key and secret. Note the reCAPTCHA site key and secret for future use in this procedure.`
			`+`
			`NOTE: The localhost works by default. You do not have to specify a domain.`
			`+`
			`. Navigate to the {project_name} admin console.`
			`. Click Authentication in the left menu.`
			`. Click the Flows tab.`
			`. Select Registration from the drop down menu.`
			`. Set the reCAPTCHA requirement to Required by clicking the appropriate radio button. This enables`
			`reCAPTCHA.`
			`. Click Actions to the right of the reCAPTCHA flow entry.`
			`. Click the Config link to redirect to the config page.`
			`. Enter the reCAPTCHA site key generated from the Google reCAPTCHA website, on the config page.`
			`. Enter the secret generated from the Google reCAPTCHA website, on the config page.`
			`. Authorize Google to use the registration page as an iframe.`
			`+`
			`NOTE: {project_name} prevents websites from including a login page dialog in an iframe. This restriction is to prevent clickjacking attacks. You need to change the default HTTP response headers that is set in {project_name}.`
			`+`
			`.. Click Realm Settings in the left menu.`
			`.. Click the Security Defenses tab.`
			.. Enter `https://www.google.com` in the field for the X-Frame-Options header.
			.. Enter `https://www.google.com` in the field for the Content-Security-Policy header.


			`[role="_additional-resources"]`
			`.Additional resources`
			`* For more information on extending and creating themes, see the link:{developerguide_link}[{developerguide_name}].`