Fix Keycloak authentication flow configuration issues #9987
Conversation
…or_update_executions
ansibullbot
added
bug
felixfontein
added
check-before-release
|
Thanks for your contribution! From an Ansible point of view it looks good to me; I can't say anything about the change itself :) If nobody objects, I'll merge this at the end of the upcoming week. |
|
During testing, I realized that the issue seems to be fixed in KC 26.2.0+ |
|
Does the fix break anything with 26.2.0+? If not, it's probably best to adjust the changelog fragment to mention that the fix is only needed for < 26.2.0. |
| # environment: | ||
| # https_proxy: http://10.249.120.90:8080 | ||
| # http_proxy: http://10.249.120.90:8080 |
There was a problem hiding this comment.
This shouldn't be here, I suppose ;-)
| return_content: true | ||
| status_code: 200 | ||
| headers: | ||
| X-Requested-By: "Jenkins" |
There was a problem hiding this comment.
Just curiosity, is this required?
There was a problem hiding this comment.
Look like it's useless
There was a problem hiding this comment.
The test container start (and implicit stop) could be added directly into the test itself. See:
as an example
There was a problem hiding this comment.
Sorry I wasn't very thorough in my directions. Please check the meta stuff in the mssql_script integration test as well, with the dependency to the setup_docker role, to ensure that docker is installed (and uninstalled after the test).
To ensure everything is working as it should, it is suggested to run the test on a clean VM (using vagrant could make that easier).
There was a problem hiding this comment.
I don't think we want to run these tests in CI. That's something that should happen once all Keycloak stuff is moved to its own collection, and then it's time to figure out there how integration tests should run. Investing too much time into that now is potentially wasting resources that could be spent better after a move. (Of course, assuming that a move will happen.)
… token task, and enhance variable management
|
BTW, @desand01 you might be interested in https://forum.ansible.com/t/keycloak-modules-in-community-general/41746 |
|
@felixfontein thanks, I'm going to register and follow the discussion |
|
It seems that changes introduced by KC 26 might be turning into a common theme - see #9983 - maybe we should define a common strategy for these (and future) changes related to that versioning. Cc: @fgruenbauer |
|
That's another reason why a common collection for all Keycloak modules and plugins would be a great thing, so that there's a good place where such discussions can take place :) |
Backport to stable-9: 💚 backport PR created✅ Backport PR branch: Backported as #10017 🤖 @patchback |
felixfontein
removed
the
check-before-release
* Add delete_authentication_config method and integrate it into create_or_update_executions * typo * Sanity * Add integration tests for keycloak_authentication module with README, tasks, and variables * Add copyright and license information to access_token.yml * Sanity * Refactor Keycloak integration tests: streamline README, update access token task, and enhance variable management * Maj changelogs fragments --------- Co-authored-by: Andre Desrosiers <[email protected]> (cherry picked from commit a8b9773)
Backport to stable-10: 💚 backport PR created✅ Backport PR branch: Backported as #10018 🤖 @patchback |
* Add delete_authentication_config method and integrate it into create_or_update_executions * typo * Sanity * Add integration tests for keycloak_authentication module with README, tasks, and variables * Add copyright and license information to access_token.yml * Sanity * Refactor Keycloak integration tests: streamline README, update access token task, and enhance variable management * Maj changelogs fragments --------- Co-authored-by: Andre Desrosiers <[email protected]> (cherry picked from commit a8b9773)
…low configuration issues (#10018) Fix Keycloak authentication flow configuration issues (#9987) * Add delete_authentication_config method and integrate it into create_or_update_executions * typo * Sanity * Add integration tests for keycloak_authentication module with README, tasks, and variables * Add copyright and license information to access_token.yml * Sanity * Refactor Keycloak integration tests: streamline README, update access token task, and enhance variable management * Maj changelogs fragments --------- Co-authored-by: Andre Desrosiers <[email protected]> (cherry picked from commit a8b9773) Co-authored-by: desand01 <[email protected]>
…ow configuration issues (#10017) Fix Keycloak authentication flow configuration issues (#9987) * Add delete_authentication_config method and integrate it into create_or_update_executions * typo * Sanity * Add integration tests for keycloak_authentication module with README, tasks, and variables * Add copyright and license information to access_token.yml * Sanity * Refactor Keycloak integration tests: streamline README, update access token task, and enhance variable management * Maj changelogs fragments --------- Co-authored-by: Andre Desrosiers <[email protected]> (cherry picked from commit a8b9773) Co-authored-by: desand01 <[email protected]>
SUMMARY
Fix authentification flow configuration duplication
ISSUE TYPE
COMPONENT NAME
keycloak_authentication.py
keycloak.py
ADDITIONAL INFORMATION
Modification to authentification flow configuration cause the creation of a duplicate record in AUTHENTICATOR_CONFIG and AUTHENTICATOR_CONFIG_ENTRY
KC26 exported realm:
{ "id": "f76d998c-6eb4-42fa-b3b1-df8ae2be926c", "alias": "my-conditional-reset-otp-config", "config": { "defaultOtpOutcome": "force", "noOtpRequiredForHeaderPattern": "X-Forwarded-For: 10\\.[0-9\\.:]+" } }, { "id": "e195fad8-4470-47be-ada2-ecf44146a0eb", "alias": "my-conditional-reset-otp-config", "config": { "defaultOtpOutcome": "force", "noOtpRequiredForHeaderPattern": "X-Original-Forwarded-For: 10.[0-9\\.:]+" } }