mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-21 06:20:05 -06:00
Code Issues Packages Projects Releases Wiki Activity

Outdated documentation reCAPTCHA (#36982)

Browse Source 
Closes #36887

Signed-off-by: Stepan Papazyan <papastepano@gmail.com>
(cherry picked from commit 0c46ad299c)

Co-authored-by: papastepano <papastepano@gmail.com>
This commit is contained in:
Alexander Schwartz
2025-02-03 11:21:52 +01:00
committed by GitHub
parent 66a6248d51
commit da2fceb699
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/documentation/server_admin/topics/users/proc-enabling-recaptcha.adoc
View File

@@ -21,10 +21,10 @@ https://www.google.com/recaptcha/admin/create
. Create a reCAPTCHA and choose between Challenge v2 (visible checkbox) or Score-based, v3 (invisible) to get your reCAPTCHA site key and secret. Note them down for future use in this procedure.
+
NOTE: The localhost works by default. You do not have to specify a domain.
NOTE: localhost domains are not supported by default. If you wish to continue supporting them for development you can add them to the list of supported domains for your site key.
+
. Navigate to the {project_name} admin console.
. Click *Authentication* in the menu.
. Click *Authentication* in the menu.
. Click the *Flows* tab.
. Select *Registration* from the list.
. Set the *reCAPTCHA* requirement to *Required*. This enables
@@ -43,8 +43,8 @@ image:images/recaptcha-config.png[]
+
NOTE: In {project_name}, websites cannot include a login page dialog in an iframe. This restriction is to prevent clickjacking attacks. You need to change the default HTTP response headers that is set in {project_name}.
+
.. Click *Realm Settings* in the menu.
.. Click the *Security Defenses* tab.
.. Click *Realm Settings* in the menu.
.. Click the *Security Defenses* tab.
.. Enter `https://www.google.com` in the field for the *X-Frame-Options* header (or `https//www.recaptcha.net` if you enabled *Use recaptcha.net*).
.. Enter `https://www.google.com` in the field for the *Content-Security-Policy* header (or `https//www.recaptcha.net` if you enabled *Use recaptcha.net*).
@@ -67,7 +67,7 @@ NOTE: The localhost works by default. You do not have to specify a domain.
NOTE: For better security, click on *edit api key* and add an API restriction to restrict the key to the *reCAPTCHA Enterprise API* only.
+
. Navigate to the {project_name} Admin Console.
. Click *Authentication* in the menu.
. Click *Authentication* in the menu.
. Click the *Flows* tab.
. Duplicate the "registration" flow.
. Bind the new flow to the *Registration flow*.