What I’m Trying to Achieve
- Duplicate the Browser Flow: I have successfully created a copy of the default "Browser" flow, naming it "Custom Browser Flow."
- Add a Custom Authenticator: I want to include a custom authenticator (tenant-authenticator) within an existing step (custom-browser-flow-forms) of the "Custom Browser Flow."
- Requirement: The tenant-authenticator should not be a top-level execution. Instead, it must be added as a nested execution within the custom-browser-flow-forms step to ensure proper execution order and flow structure.
What I Have Done
Using the Keycloak Admin API:
- I duplicated the browser flow using the /admin/realms/{realm}/authentication/flows/browser/copy endpoint.
- Retrieved the flow executions for the new flow via /admin/realms/{realm}/authentication/flows/{flow}/executions.
- Identified the custom-browser-flow-forms step and attempted to add the tenant-authenticator as a child execution within it using the /executions/execution endpoint.
The Problem
Despite following the API documentation:
- The tenant-authenticator execution is being added as a top-level execution rather than being nested under the custom-browser-flow-forms step.
- There doesn’t seem to be a clear way to attach the new execution to a specific parent step using the API.
Relevant Code Snippet
Here’s the part of my script where I attempt to add the custom execution under the desired step:
add_execution_payload = {
    "provider": "tenant-authenticator",
    "parentFlow": "12345-forms"  # ID of 'custom-browser-flow-forms'
}
response = requests.post(add_execution_url, headers=headers, json=add_execution_payload)
Unfortunately, this results in the tenant-authenticator being added as a top-level execution instead of under the specified parent flow.
What I Need Help With
- Correct API Usage: How can I ensure that the tenant-authenticator execution is properly nested within the custom-browser-flow-forms step?
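Added example, not part of the original post: in the Keycloak Admin REST API the `{flowAlias}` segment of `/authentication/flows/{flowAlias}/executions/execution` names the parent flow and the request body carries only `provider`, so nesting means posting to the sub-flow's alias (its alias, not its ID) and then checking the `level` field in the top-level flow's execution listing. The helper names, the `session` object and the alias values passed in are assumptions of this sketch.

```python
from urllib.parse import quote


def flow_url(base_url, realm, flow_alias, suffix):
    """Admin API path under /authentication/flows/{flowAlias}; alias is URL-encoded."""
    return (f"{base_url.rstrip('/')}/admin/realms/{quote(realm, safe='')}"
            f"/authentication/flows/{quote(flow_alias, safe='')}/{suffix}")


def add_nested_execution(session, base_url, realm, top_flow, sub_flow, provider):
    """Add `provider` inside `sub_flow` and confirm it is nested, not top-level.

    `session` is any object with requests.Session-style post()/get() that
    already carries the admin bearer token (assumption of this example).
    """
    # The {flowAlias} path segment is the parent; the body names only the provider.
    resp = session.post(flow_url(base_url, realm, sub_flow, "executions/execution"),
                        json={"provider": provider})
    resp.raise_for_status()

    # List the whole tree from the top-level flow; nested entries have level > 0.
    listing = session.get(flow_url(base_url, realm, top_flow, "executions"))
    listing.raise_for_status()
    matches = [e for e in listing.json() if e.get("providerId") == provider]
    if not matches:
        raise RuntimeError(f"{provider} not found in {top_flow}")
    nested = [e for e in matches if e.get("level", 0) > 0]
    if len(nested) != len(matches):
        # A level-0 copy means the authenticator also runs outside the forms step.
        raise RuntimeError(f"{provider} is present as a top-level execution")
    return nested[0]
```

The returned entry also carries the execution `id` and `requirement`, which is what a follow-up `PUT` to the flow's `executions` endpoint needs in order to change the requirement from its default.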