Registration SPI issues after update to Keycloak 24


Levin

Mar 26, 2024, 11:51:52 AM
to Keycloak User
Hey,
I have a custom registration SPI that allows (and requires) the user to upload a pdf during registration. The pdf is converted to base64 on the client side and processed inside of the SPI and can be ignored after the values have been checked. It worked fine in Keycloak 23.
After the update to Keycloak 24.0.1 (the same for 24.0.2) each Registration fails with the error "Length must be between 0 and 2,048" that is not coming from my SPI. The specific error message is not part of the event log or the Keycloak DEBUG logs.
I assume this has to do with the user name attribute length change in Keycloak 24. I could not find anything similar on the forums or the internet. 
Any idea on how I could find out what the problem is here? I don't want to save anything in a custom attribute but it seems this is happening?
I can share the source of my SPI if it is needed.

Greetings
Levin Straub

Alexander Schwartz

Mar 28, 2024, 3:42:00 AM
to Levin, Keycloak User
Hi Levin,

I assume you're using a user attribute to upload the PDF. 

The migration guide contains the following text: 

> For unmanaged attributes, the maximum length is 2048 characters. For managed attributes, the default maximum length is 2048 characters. Administrator can change this by adding a validator of type length.

For you to allow upload of the PDF, the following steps would be necessary: 

* add the PDF as a managed attribute (you might configure visibility as necessary / as it fits)
* add a length validator to the attribute to specify a maximum PDF size of its base64 encoded form

I hope this resolves the issue.

If you think the text in the migration guide should change to make this more obvious, please create a pull request to update the text in the migration guide. 
 
Best,
Alexander




--

Alexander Schwartz, RHCE

He/Him

Principal Software Engineer, Keycloak Maintainer

Red Hat - Germany remote

asch...@redhat.com   

Red Hat GmbH, Registered seat: Werner von Siemens Ring 12, D-85630 Grasbrunn, Germany 
Commercial register: Amtsgericht Muenchen/Munich, HRB 153243,
Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross
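
The two steps listed in the reply above, as an added example (not part of the reply and not Keycloak's own code): it derives the `max` value for the length validator from a PDF size limit and builds the matching attribute entry for the realm's user profile JSON. The attribute name `registrationPdf`, the 1 MiB limit, the permission lists and the optional data-URL prefix are assumptions chosen for illustration.

```python
import base64
import json

# Assumption: a client using FileReader.readAsDataURL submits this prefix
# in front of the base64 text, and the prefix counts toward the length.
DATA_URL_PREFIX = "data:application/pdf;base64,"


def base64_len(raw_bytes: int) -> int:
    """Characters of padded base64 for raw_bytes bytes (4 per 3-byte group)."""
    return 4 * ((raw_bytes + 2) // 3)


def max_field_length(max_pdf_bytes: int, data_url: bool = False) -> int:
    """Value for the length validator's 'max', measured on the encoded form."""
    extra = len(DATA_URL_PREFIX) if data_url else 0
    return base64_len(max_pdf_bytes) + extra


def managed_attribute(name: str, max_pdf_bytes: int, data_url: bool = False) -> dict:
    """Attribute entry for the 'attributes' list of the user profile JSON."""
    return {
        "name": name,  # hypothetical attribute name
        "validations": {
            "length": {"min": 0, "max": max_field_length(max_pdf_bytes, data_url)}
        },
        # Assumption: the user submits the value, only admins can read it back.
        "permissions": {"view": ["admin"], "edit": ["admin", "user"]},
    }


def fits(field_value: str, attribute: dict) -> bool:
    """True if the submitted form value passes the configured length limit."""
    return len(field_value) <= attribute["validations"]["length"]["max"]


if __name__ == "__main__":
    attr = managed_attribute("registrationPdf", 1024 * 1024)
    print(json.dumps(attr, indent=2))
    # Constructed sample: a 2,009-byte stand-in for an uploaded PDF.
    sample = base64.b64encode(b"%PDF-1.7\n" + b"\0" * 2000).decode()
    print(len(sample), "chars, default 2048 limit ok:", len(sample) <= 2048)
    print("fits configured limit:", fits(sample, attr))
```

With the default limit of 2048 characters, the largest payload that passes is 1,536 bytes, which is why any real PDF trips the validator.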

Levin

Mar 28, 2024, 7:14:51 AM
to Keycloak User
Hey Alexander,

thanks for your answer!
I did not want to use an attribute in my SPI to upload the PDF (because it can be discarded once the values are validated) and I could not trace where I was creating the attribute in my SPI.
So I looked a little deeper and saw that the Keycloak RegistrationUserCreation class seems to create attributes from all included form fields. Because the base64 encoded PDF would be a field of the registration form it would try to create an attribute for it because I had the "Unmanaged Attributes" option enabled in my realm. By restricting this to "Only administrators can view" I could prevent the attribute from being created while my SPI can still process the PDF.

Greetings
Levin