A.1.11 Reset password

M-CNCC IAM UI- cncc Realm- Reset password Event

Figure -12 M-CNCC IAM UI- cncc Realm- Reset password Event


M-CNCC IAM UI- cncc Realm- Reset password Event

M-CNCC IAM Kc Logs

Note:

  • The userId field in the log identifies the admin user who performs the reset-password action.
  • The resourcePath field in the logs contains the user ID of the user whose password is being reset.
Event log:
{"timestamp":"2025-11-27T16:41:20.279837473Z","sequence":2701,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.events","level":"DEBUG","message":"operationType=\"ACTION\", realmId=\"master\", realmName=\"master\", clientId=\"6d475927-19a8-4082-a9f4-8d6b68afbb1a\", userId=\"acc21615-964a-4055-8c20-fb2705bd641b\", ipAddress=\"10.75.213.184\", resourceType=\"USER\", resourcePath=\"users/c3108ac1-a5b5-425c-b752-41e4bf36d724/reset-password\"","threadName":"executor-thread-138","threadId":250,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":571}

M-CNCC IAM Ingress Gateway logs

SECURITY- Request log:
{
  "instant": {
    "epochSecond": 1764261679,
    "nanoOfSecond": 509867008
  },
  "thread": "igw-app-thread5",
  "level": "INFO",
  "loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
  "message": {
    "logType": "SECURITY",
    "type": "REQUEST",
    "operationType": "PUT",
    "userId": "acc21615-964a-4055-8c20-fb2705bd641b",
    "username": "admin",
    "remoteAddress": "xx.xx.xx.xx:xxxx",
    "localAddress": "xx.xx.xx.xx:xxxx",
    "resourcePath": "/cncc/auth/admin/realms/cncc/users/c3108ac1-a5b5-425c-b752-41e4bf36d724/reset-password",
    "scheme": "http",
    "queryParams": {},
    "headers": {
      "Origin": "http://xx.xx.xx.xx:xxxx",
      "Cookie": "{masked}",
      "Connection": "keep-alive",
      "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
      "uuidToken": "17ca23d1-115b-4eb3-afb1-7f293e311674",
      "Host": "xx.xx.xx.xx:xxxx",
      "Accept-Encoding": "gzip, deflate",
      "svcName": "cncc-iam-kc-http.cncc.svc.cluster.local",
      "ocLogId": "1764261679508_97_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
      "accept": "application/json, text/plain, */*",
      "sbi-timer-publish-headers": "false",
      "authorization": "{masked}",
      "content-type": "application/json",
      "Accept-Language": "en-US,en;q=0.9",
      "Content-Length": "57",
      "sbi-timer-feature": "false"
    },
    "payload": "{\"temporary\":false,\"type\":{masked},\"value\":{masked}}",
    "authenticationType": "UNKNOWN"
  },
  "endOfBatch": false,
  "loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
  "threadId": 110,
  "threadPriority": 5,
  "messageTimestamp": "2025-11-27T16:41:19.509+0000",
  "processId": "1",
  "ingressTxId": "ingress-tx-428217452",
  "pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "ocLogId": "1764261679508_97_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "instanceType": "prod",
  "xRequestId": "-"
}
SECURITY- Response log:
{
  "instant": {
    "epochSecond": 1764261680,
    "nanoOfSecond": 285525562
  },
  "thread": "igw-app-thread14",
  "level": "INFO",
  "loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
  "message": {
    "logType": "SECURITY",
    "type": "RESPONSE",
    "operationType": "PUT",
    "userId": "acc21615-964a-4055-8c20-fb2705bd641b",
    "username": "admin",
    "resourcePath": "/cncc/auth/admin/realms/cncc/users/c3108ac1-a5b5-425c-b752-41e4bf36d724/reset-password",
    "scheme": "http",
    "headers": {
      "Referrer-Policy": "no-referrer",
      "X-Frame-Options": "SAMEORIGIN",
      "Access-Control-Expose-Headers": "Location",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "transfer-encoding": "chunked",
      "Access-Control-Allow-Origin": "http://xx.xx.xx.xx:xxxx",
      "Access-Control-Allow-Credentials": "true",
      "X-Content-Type-Options": "nosniff",
      "RequestMethod": "PUT",
      "NettyLatency": "1764261679508"
    },
    "payload": {},
    "authenticationType": "UNKNOWN",
    "status": "204 NO_CONTENT"
  },
  "endOfBatch": false,
  "loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
  "threadId": 130,
  "threadPriority": 5,
  "messageTimestamp": "2025-11-27T16:41:20.285+0000",
  "processId": "1",
  "ingressTxId": "ingress-tx-750888502",
  "pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "ocLogId": "-",
  "instanceType": "prod",
  "xRequestId": "-"
}

Note:

Similar logs will also be observed for the default realm.

M-CNCC IAM UI- cncc Realm- Reset password Error Scenarios

When the new password does not match the password policy defined for the cncc realm (for example, MinSpecialChar)

Figure -13 Set Password


Set Password

Figure -14 Password Reset Error


Password Reset Error

M-CNCC IAM Kc Logs:
{"timestamp":"2025-11-19T13:14:28.223388787Z","sequence":3936,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.services.resources.admin.UserResource","level":"WARN","message":"Could not update user password.","threadName":"executor-thread-381","threadId":3322,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":577,"exception":{"refId":1,"exceptionType":"org.keycloak.models.ModelException","message":"invalidPasswordMinSpecialCharsMessage","frames":[{"class":"org.keycloak.credential.PasswordCredentialProvider","method":"createCredential","line":90},{"class":"org.keycloak.credential.PasswordCredentialProvider","method":"updateCredential","line":189},{"class":"org.keycloak.credential.UserCredentialManager","method":"lambda$updateCredential$2","line":98}

M-CNCC IAM Ingress Gateway logs

SECURITY- Request log:
{
  "instant": {
    "epochSecond": 1764261841,
    "nanoOfSecond": 397904714
  },
  "thread": "igw-app-thread20",
  "level": "INFO",
  "loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
  "message": {
    "logType": "SECURITY",
    "type": "REQUEST",
    "operationType": "PUT",
    "userId": "acc21615-964a-4055-8c20-fb2705bd641b",
    "username": "admin",
    "remoteAddress": "xx.xx.xx.xx:xxxx",
    "localAddress": "xx.xx.xx.xx:xxxx",
    "resourcePath": "/cncc/auth/admin/realms/cncc/users/c3108ac1-a5b5-425c-b752-41e4bf36d724/reset-password",
    "scheme": "http",
    "queryParams": {},
    "headers": {
      "Origin": "http://xx.xx.xx.xx:xxxx",
      "Cookie": "{masked}",
      "Connection": "keep-alive",
      "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
      "uuidToken": "e8c7e3d8-5d62-4fc5-82c4-62d8654115cc",
      "Host": "xx.xx.xx.xx:xxxx",
      "Accept-Encoding": "gzip, deflate",
      "svcName": "cncc-iam-kc-http.cncc.svc.cluster.local",
      "ocLogId": "1764261841396_97_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
      "accept": "application/json, text/plain, */*",
      "sbi-timer-publish-headers": "false",
      "authorization": "{masked}",
      "content-type": "application/json",
      "Accept-Language": "en-US,en;q=0.9",
      "Content-Length": "55",
      "sbi-timer-feature": "false"
    },
    "payload": "{masked}",
    "authenticationType": "UNKNOWN"
  },
  "endOfBatch": false,
  "loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
  "threadId": 136,
  "threadPriority": 5,
  "messageTimestamp": "2025-11-27T16:44:01.397+0000",
  "processId": "1",
  "ingressTxId": "ingress-tx-1177476893",
  "pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "ocLogId": "1764261841396_97_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "instanceType": "prod",
  "xRequestId": "-"
}
SECURITY- Response log:
{
  "instant": {
    "epochSecond": 1764261841,
    "nanoOfSecond": 416506438
  },
  "thread": "igw-app-thread4",
  "level": "INFO",
  "loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
  "message": {
    "logType": "SECURITY",
    "type": "RESPONSE",
    "operationType": "PUT",
    "userId": "acc21615-964a-4055-8c20-fb2705bd641b",
    "username": "admin",
    "resourcePath": "/cncc/auth/admin/realms/cncc/users/c3108ac1-a5b5-425c-b752-41e4bf36d724/reset-password",
    "scheme": "http",
    "headers": {
      "Referrer-Policy": "no-referrer",
      "X-Frame-Options": "SAMEORIGIN",
      "content-length": "133",
      "Access-Control-Expose-Headers": "Location",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "Access-Control-Allow-Origin": "http://xx.xx.xx.xx:xxxx",
      "Access-Control-Allow-Credentials": "true",
      "X-Content-Type-Options": "nosniff",
      "RequestMethod": "PUT",
      "NettyLatency": "1764261841396",
      "Content-Type": "application/json"
    },
    "payload": {
      "error": "invalidPasswordMinSpecialCharsMessage",
      "error_description": "Invalid password: must contain at least 1 special characters."
    },
    "authenticationType": "UNKNOWN",
    "status": "400 BAD_REQUEST"
  },
  "endOfBatch": false,
  "loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
  "threadId": 109,
  "threadPriority": 5,
  "messageTimestamp": "2025-11-27T16:44:01.416+0000",
  "processId": "1",
  "ingressTxId": "ingress-tx-1331675039",
  "pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "ocLogId": "-",
  "instanceType": "prod",
  "xRequestId": "-"
}

Note:

Similar logs will also be observed for the default realm.

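When an M-CNCC Core user’s password is marked as Temporary in the M-CNCC IAM UI, but the same temporary password is entered again on the "Update Password" screen during login to the M-CNCC Core UI. In the sample logs below, the rejection appears only in the Kc event (type UPDATE_CREDENTIAL_ERROR, reason invalidPasswordHistoryMessage); the ingress gateway response still reports 200 OK, and the gateway's userId and username fields ("1", "admin") do not match the account named in the Kc event (user_test), so use the Kc event to detect this failure and to identify the affected user.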

Figure -15 Set Password


Set Password

Figure -16 Update Password


Update Password

M-CNCC IAM Kc Logs:
{"timestamp":"2025-11-27T17:09:46.224371082Z","sequence":2763,"loggerClassName":"org.jboss.logging.Logger","loggerName":"org.keycloak.events","level":"WARN","message":"type=\"UPDATE_CREDENTIAL_ERROR\", realmId=\"cncc\", realmName=\"cncc\", clientId=\"cncc\", userId=\"c3108ac1-a5b5-425c-b752-41e4bf36d724\", ipAddress=\"10.75.213.184\", error=\"password_rejected\", credential_type=\"password\", reason=\"invalidPasswordHistoryMessage\", auth_method=\"openid-connect\", custom_required_action=\"UPDATE_PASSWORD\", response_type=\"code\", redirect_uri=\"http://10.75.213.184:30030/login/oauth2/code/cncc-iam\", remember_me=\"false\", code_id=\"390bcc3c-429b-ea57-2ef8-a1387e651704\", response_mode=\"query\", username=\"user_test\"","threadName":"executor-thread-160","threadId":291,"mdc":{},"ndc":"","hostName":"cncc-iam","processName":"/opt/java/jre/bin/java","processId":571}

M-CNCC IAM Ingress Gateway logs

SECURITY- Request log:
{
  "instant": {
    "epochSecond": 1764263385,
    "nanoOfSecond": 828329586
  },
  "thread": "igw-app-thread15",
  "level": "INFO",
  "loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
  "message": {
    "logType": "SECURITY",
    "type": "REQUEST",
    "operationType": "POST",
    "userId": "1",
    "username": "admin",
    "remoteAddress": "xx.xx.xx.xx:xxxx",
    "localAddress": "xx.xx.xx.xx:xxxx",
    "resourcePath": "/cncc/auth/realms/cncc/login-actions/required-action",
    "scheme": "http",
    "queryParams": {
      "session_code": "CINYdQV-o1HhfeyrF_sOealS9tvggdFSqaHd5cqzKaY",
      "execution": "UPDATE_PASSWORD",
      "client_id": "cncc",
      "tab_id": "9oPc9NocmlA",
      "client_data": "eyJydSI6Imh0dHA6Ly8xMC43NS4yMTMuMTg0OjMwMDMwL2xvZ2luL29hdXRoMi9jb2RlL2NuY2MtaWFtIiwicnQiOiJjb2RlIiwic3QiOiJ1NVNwS0dzVXNCTERrWWFxQ3J5dWNFTFdIaEpDU1RrQXVSb3pLeXRRY0gwPSJ9"
    },
    "headers": {
      "Origin": "null",
      "Cookie": "{masked}",
      "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
      "Connection": "keep-alive",
      "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
      "uuidToken": "16cd85ba-fcdf-445a-bf3f-152273324548",
      "Host": "xx.xx.xx.xx:xxxx",
      "Accept-Encoding": "gzip, deflate",
      "svcName": "cncc-iam-kc-http.cncc.svc.cluster.local",
      "ocLogId": "1764263385826_70_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
      "sbi-timer-publish-headers": "false",
      "Cache-Control": "max-age=0",
      "Upgrade-Insecure-Requests": "1",
      "Accept-Language": "en-US,en;q=0.9",
      "Content-Length": "51",
      "sbi-timer-feature": "false",
      "Content-Type": "application/x-www-form-urlencoded"
    },
    "payload": "password-new={masked}&password-confirm={masked}",
    "authenticationType": "UNKNOWN"
  },
  "endOfBatch": false,
  "loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
  "threadId": 131,
  "threadPriority": 5,
  "messageTimestamp": "2025-11-27T17:09:45.828+0000",
  "processId": "1",
  "ingressTxId": "ingress-tx-1231025400",
  "pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "ocLogId": "1764263385826_70_cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "instanceType": "prod",
  "xRequestId": "-"
}
SECURITY- Response log:
{
  "instant": {
    "epochSecond": 1764263386,
    "nanoOfSecond": 250971965
  },
  "thread": "igw-app-thread7",
  "level": "INFO",
  "loggerName": "ocpm.cne.gateway.cncc.filters.CnccLoggingFilter",
  "message": {
    "logType": "SECURITY",
    "type": "RESPONSE",
    "operationType": "POST",
    "userId": "1",
    "username": "admin",
    "resourcePath": "/cncc/auth/realms/cncc/login-actions/required-action",
    "scheme": "http",
    "headers": {
      "content-length": "11464",
      "X-Content-Type-Options": "nosniff",
      "RequestMethod": "POST",
      "Referrer-Policy": "no-referrer",
      "X-Frame-Options": "SAMEORIGIN",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "X-Robots-Tag": "none",
      "Cache-Control": "no-store, must-revalidate, max-age=0",
      "Content-Security-Policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
      "NettyLatency": "1764263385826",
      "Content-Language": "en",
      "Content-Type": "text/html;charset=utf-8"
    },
    "payload": {},
    "authenticationType": "UNKNOWN",
    "status": "200 OK"
  },
  "endOfBatch": false,
  "loggerFqcn": "org.apache.logging.log4j.internal.DefaultLogBuilder",
  "threadId": 114,
  "threadPriority": 5,
  "messageTimestamp": "2025-11-27T17:09:46.250+0000",
  "processId": "1",
  "ingressTxId": "ingress-tx-1889649512",
  "pod": "cncc-iam-ingress-gateway-85d6d57584-wt9zk",
  "ocLogId": "-",
  "instanceType": "prod",
  "xRequestId": "-"
}

Note:

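Similar logs will also be observed for the default realm. In the request log above, the Cookie header and the password fields are masked, but the queryParams values (session_code, tab_id, client_data) are logged unmasked, so access to these logs should be restricted accordingly.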