Keycloak self-registration — enable on pal-e realm #256

New issue

Open

opened 2026-03-30 22:03:39 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented

2026-03-30 22:03:39 +00:00

Contributor

Type

Feature

Lineage

Standalone — scoped from pal-e-app project (project-pal-e-app).

Repo

forgejo_admin/pal-e-platform

User Story

As a new stakeholder
I want to register for an account via the pal-e-landing page
So that Lucas can onboard me with project permissions

Context

Keycloak supports self-registration on a per-realm basis. The pal-e realm needs registration enabled so that users who visit pal-e-landing can create accounts. After registration, Lucas manually assigns UserProjectPermission entries. The registration form on pal-e-landing redirects to Keycloak's built-in registration page. Check what Keycloak provides out of the box before building custom flows.

File Targets

Files to modify:

Keycloak admin console — realm settings → registration enabled
Potentially terraform if realm config is IaC-managed

Acceptance Criteria

Keycloak pal-e realm has self-registration enabled
New users can create accounts (username, email, password)
Registration page is accessible from a redirect URL
New users appear in Keycloak admin and are queryable

Test Expectations

Manual: register a test user, verify in admin console
Manual: login with new account, verify JWT contains sub claim

Constraints

Check Keycloak built-in features first (feedback_keycloak_first)
May need email verification config — defer if not immediately needed

Checklist

PR opened
Tests pass
No unrelated changes

project-pal-e-app
arch-dataflow-pal-e-app

### Type Feature ### Lineage Standalone — scoped from pal-e-app project (project-pal-e-app). ### Repo `forgejo_admin/pal-e-platform` ### User Story As a new stakeholder I want to register for an account via the pal-e-landing page So that Lucas can onboard me with project permissions ### Context Keycloak supports self-registration on a per-realm basis. The pal-e realm needs registration enabled so that users who visit pal-e-landing can create accounts. After registration, Lucas manually assigns UserProjectPermission entries. The registration form on pal-e-landing redirects to Keycloak's built-in registration page. Check what Keycloak provides out of the box before building custom flows. ### File Targets Files to modify: - Keycloak admin console — realm settings → registration enabled - Potentially terraform if realm config is IaC-managed ### Acceptance Criteria - [ ] Keycloak pal-e realm has self-registration enabled - [ ] New users can create accounts (username, email, password) - [ ] Registration page is accessible from a redirect URL - [ ] New users appear in Keycloak admin and are queryable ### Test Expectations - [ ] Manual: register a test user, verify in admin console - [ ] Manual: login with new account, verify JWT contains sub claim ### Constraints - Check Keycloak built-in features first (feedback_keycloak_first) - May need email verification config — defer if not immediately needed ### Checklist - [ ] PR opened - [ ] Tests pass - [ ] No unrelated changes ### Related - `project-pal-e-app` - `arch-dataflow-pal-e-app`