24 lines
1.1 KiB
Text
Executable file
24 lines
1.1 KiB
Text
Executable file
[[_recaptcha]]
|
|
= Recaptcha Support on Registration
|
|
|
|
To safeguard registration against bots, Keycloak has integration with Google Recaptcha.
|
|
To enable this you need to first go to https://developers.google.com/recaptcha/[Google Recaptcha] and create an API key so that you can get your recaptcha site key and secret.
|
|
(FYI, localhost works by default so you don't have to specify a domain).
|
|
|
|
Next, go to the Keycloak Admin Console.
|
|
Go to Authentication->Flows page.
|
|
Select the 'registration' flow.
|
|
Set the 'Recaptcha' requirement to 'Required'. Click on the 'Configure' button and enter in the Recaptcha site key and secret.
|
|
|
|
Finally, you have to change Keycloak's default security headers.
|
|
In the Admin Console, go to Settings->Security Defenses of your realm.
|
|
Add a space and `https://www.google.com` to the values of both the `X-Frame-Options` and `Content-Security-Policy` headers.
|
|
i.e.
|
|
|
|
[source]
|
|
----
|
|
frame-src 'self' https://www.google.com
|
|
----
|
|
|
|
That's it! You may want to edit register.ftl in your login theme to muck around with the placement and styling of the recaptcha button.
|
|
Up to you.
|