REST API configure "identity-provider-redirector"
64 views
Skip to first unread message
Bernd Schatz
Jan 13, 2023, 9:28:06 AM1/13/23
to Keycloak User
Hi,
i want to configure keycloak to redirect to an
identity provider rather than displaying the login form.
It works fine with the gui, as described in the docu here -->
I send a PUT request, and the REST-API also response with the expected json.
But no changes are happened, neither in the GUI nor does a second
REST-API GET-Call show any changes.
Update request is:
echo "*** Get Authentication flow id of ,,Browser'' ***"
BuiltInBrowserId=$(${CURL_CMD} \
-X GET \
-H "Accept: application/json" \
-H "Authorization: Bearer $adminToken" \
--silent \
"$uri/admin/realms/jfoss12/authentication/flows" | jq -c '.[] | select( .alias == "browser")' | jq -rc '.id')
echo "XXXXXXXXXXXX AuthFlowBrowserId: <<$BuiltInBrowserId>> XXXXXXXXXXXXXX"
data=$(cat <<-EOF
{
"alias": "browser",
"description": "browser based authentication using ping web login",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorConfig": "Ping-Bridge",
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 5,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "forms",
"userSetupAllowed": false
}
]
}
EOF
)
echo "Using: $data"
responseJson=$(${CURL_CMD} \
-X PUT \
-H "Authorization: Bearer $adminToken" \
-H "Content-Type: application/json" \
-d "$data" \
--silent \
"$uri/admin/realms/jfoss12/authentication/flows/$BuiltInBrowserId" | jq -r
)
echo "response: $(echo $responseJson | jq -r)"
Response is as expected:
{
"id": "71b4ba4b-2248-40e4-aeb6-a5f759ed62ca",
"alias": "browser",
"description": "browser based authentication using ping web login",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorConfig": "Ping-Bridge",
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 5,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "forms",
"userSetupAllowed": false
}
]
}
"id": "71b4ba4b-2248-40e4-aeb6-a5f759ed62ca",
"alias": "browser",
"description": "browser based authentication using ping web login",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorConfig": "Ping-Bridge",
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 5,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "forms",
"userSetupAllowed": false
}
]
}
but the verification with GET shows that the changes are not done:
{
"id": "71b4ba4b-2248-40e4-aeb6-a5f759ed62ca",
"alias": "browser",
"description": "browser based authentication using ping web login",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorConfig": "GUI-Ping-Bridge",
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 25,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "forms",
"userSetupAllowed": false
}
]
}
"id": "71b4ba4b-2248-40e4-aeb6-a5f759ed62ca",
"alias": "browser",
"description": "browser based authentication using ping web login",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorConfig": "GUI-Ping-Bridge",
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 25,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "forms",
"userSetupAllowed": false
}
]
}
Reply all
Reply to author
Forward
0 new messages