Skip to content

Keycloak

Changing password policy text

This documents how to change the password policy text post deployment, if you want to change this at deployment time see the configuration docs.

To change the password policy text post deployment, you need to adjust the custom theme config map and restart the Keycloak pod.

  1. Retrieve the template for the login update password page, and theme properties, from the custom theme config map:

    kubectl get configmap custom-theme-configmap -o json | jq -r '.data["login-update-password.ftl"]'  > login-update-password.ftl
    kubectl get configmap custom-theme-configmap -o json | jq -r '.data["theme.properties"]' > theme.properties
    
  2. Make your changes to login-update-password.ftl. The password policy should go between

    <#elseif section = "form">
    
    and
    <form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
    

  3. Recreate the configmap with your changes:

    kubectl create configmap custom-theme-configmap \
    --save-config --dry-run=client \
    --from-file=./login-update-password.ftl --from-file=./theme.properties \
    -o yaml | kubectl apply -f -
    
  4. Restart the Keycloak pod for the changes to take effect:

    kubectl delete pod -l app.kubernetes.io/name=keycloak