Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Configure authenticationFlowBindingOverrides for a client
See original GitHub issueDescribe the bug
It seems not possible to configure authenticationFlowBindingOverrides for a client.
Keycloak uses authentication flow ID in their client configuration instead of alias.
To Reproduce
I tried to force the authentication flow id and use this id in the client authenticationFlowBindingOverrides configuration but it does not seems to work at least if the auth flow already exists.
{
"enabled": true,
"realm": "realmWithFlow",
"authenticationFlows": [
{
"alias": "my auth flow",
"id": "ad7d518c-4129-483a-8351-e1223cb8eead",
"description": "My auth flow for testing",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": false,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"requirement": "DISABLED",
"priority": 0,
"userSetupAllowed": true,
"autheticatorFlow": false
}
]
}
],
"clients": [
{
"clientId": "moped-client",
"authenticationFlowBindingOverrides": {
"browser": "ad7d518c-4129-483a-8351-e1223cb8eead"
},
"name": "moped-client",
"description": "Moped-Client",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "changed-special-client-secret",
"redirectUris": [
"https://moped-client.org/redirect"
],
"webOrigins": [
"https://moped-client.org/webOrigin"
]
}
]
}
Expected behavior
The configuration should probably use authentication flow aliases and resolve them to ids before making the calls to Keycloak.
{
"enabled": true,
"realm": "realmWithFlow",
"authenticationFlows": [
{
"alias": "my auth flow",
"description": "My auth flow for testing",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": false,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"requirement": "DISABLED",
"priority": 0,
"userSetupAllowed": true,
"autheticatorFlow": false
}
]
}
],
"clients": [
{
"clientId": "moped-client",
"authenticationFlowBindingOverrides": {
"browser": "my auth flow"
},
"name": "moped-client",
"description": "Moped-Client",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "changed-special-client-secret",
"redirectUris": [
"https://moped-client.org/redirect"
],
"webOrigins": [
"https://moped-client.org/webOrigin"
]
}
]
}
Environment (please complete the following information)
- Keycloak Version: 11.0.2
- keycloak-config-cli Version: v2.1.0-11.0.0
- Java Version: 11
Issue Analytics
- State:
- Created 3 years ago
- Reactions:3
- Comments:9 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Looks great!
Just one more: While authenticationFlowBindingOverrides is set, change something on an auth flow that triggers a re-create. The id inside authenticationFlowBindingOverrides should be updated to the new flowId.
Additionally. the code coverage will show us some untested codepath. Within this metric we should able to see if we miss something.
Thanks for your helpful comment, we will look into it on our side. I will likely not be the one who do the PR though. We’ve got better java coder than myself.