Closed saravanad closed 2 weeks ago
Good point. I have actually missed to fire the events correctly on group-member updates if the SCIM-Server-API is used. I will try to fix this with the next version.
Thanks for the update. How frequently are the releases done? May i know when will the next version will be released?
There is no specific timing since I just try my best to get the tasks done as fast as possible. But I'm already working on it. I hope to have the bugfix and the next feature ready in two weeks. I will release again as soon as this bugfix and the next feature are available.
Okay, I think I was able to successfully resolve the problem. Please test again with kc-23-2.2.0-free-SNAPSHOT
Hi @Captain-P-Goldfish
I downloaded the kc-23-2.2.0-free-SNAPSHOT and it was not working. Also the date looks like 1.6.2024. Is the Fixed Version available for download?
Thanks, Saravana
The artifact is correct. The timestamp you see is created if the release-entry is created and is not updated if I exchange an underlying file.
I can still verify that the updates to third parts are correctly triggered if I use the SCIM server API. Can you give me the steps you are following, so that I can recreate this problem?
The Following are the steps that we follow.
The Expectation is when User/Group are created in OKTA we would like those changes to be pushed instantly to Sample Spring Boot Application.
Currently it is getting pushed till Keycloak. After that we do a Manual Sync of Group Members, after which it is again pushed to Sample Spring Boot App.
I tested again. I just downloaded the artifact from my website and did the following:
goldfish
and activated the SCIM Server and created a Client for itsynchro-test
and and activated SCIM Server and created a Client for itsynchro-test
and assigned it to realm goldfish
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"displayName": "new-group-4",
"externalId": "798f4f38-b1bb-4d65-9ddd-c59527a8cfc3",
"id": "391f55d5-40d7-4221-b6c7-cd4a809e1260",
"meta": {
"resourceType": "Group",
"created": "2024-06-16T17:57:24.416Z",
"lastModified": "2024-06-17T16:50:45.218Z",
"location": "https://localhost:8444/realms/goldfish/scim/v2/Groups/391f55d5-40d7-4221-b6c7-cd4a809e1260"
}
}
resulted in remote group:
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"displayName": "new-group-4",
"id": "798f4f38-b1bb-4d65-9ddd-c59527a8cfc3",
"meta": {
"resourceType": "Group",
"created": "2024-06-16T17:57:24.533Z",
"lastModified": "2024-06-17T16:50:50.337Z",
"location": "https://localhost:8444/realms/synchro-test/scim/v2/Groups/798f4f38-b1bb-4d65-9ddd-c59527a8cfc3"
}
}
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "46f43caa-070b-471b-bb10-13a37422fc7e",
"externalId": "5335c2c8-89f0-4bac-86f9-9edb1aeb2dec",
"userName": "goldfish-2",
"active": false,
"meta": {
"resourceType": "User",
"created": "2024-06-16T17:51:27.558Z",
"lastModified": "2024-06-16T17:51:27.558Z",
"location": "https://localhost:8444/realms/goldfish/scim/v2/Users/46f43caa-070b-471b-bb10-13a37422fc7e",
"version": "W/\"vHb2cTsqD1HjUoo4vJYr4gKxhMA=\""
}
}
resulted in remote user
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "5335c2c8-89f0-4bac-86f9-9edb1aeb2dec",
"userName": "goldfish-2",
"active": false,
"meta": {
"resourceType": "User",
"created": "2024-06-16T17:51:28.273Z",
"lastModified": "2024-06-16T17:51:28.273Z",
"location": "https://localhost:8444/realms/synchro-test/scim/v2/Users/5335c2c8-89f0-4bac-86f9-9edb1aeb2dec"
}
}
PATCH https://localhost:8444/realms/goldfish/scim/v2/Groups/391f55d5-40d7-4221-b6c7-cd4a809e1260
Content-Type: application/scim+json
Authorization: Bearer {{$auth.token}}
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "add", "path": "members", "value": { "value": "46f43caa-070b-471b-bb10-13a37422fc7e", "type": "User" } } ] }
which resulted in
```json
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": "46f43caa-070b-471b-bb10-13a37422fc7e",
"type": "User",
"$ref": "https://localhost:8444/realms/goldfish/scim/v2/Users/46f43caa-070b-471b-bb10-13a37422fc7e",
"display": "goldfish-2"
}
],
"displayName": "new-group-4",
"externalId": "798f4f38-b1bb-4d65-9ddd-c59527a8cfc3",
"id": "391f55d5-40d7-4221-b6c7-cd4a809e1260",
"meta": {
"resourceType": "Group",
"created": "2024-06-16T17:57:24.416Z",
"lastModified": "2024-06-17T16:59:53.941Z",
"location": "https://localhost:8444/realms/goldfish/scim/v2/Groups/391f55d5-40d7-4221-b6c7-cd4a809e1260"
}
}
and 5 seconds later:
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": "5335c2c8-89f0-4bac-86f9-9edb1aeb2dec",
"$ref": "https://localhost:8444/realms/synchro-test/scim/v2/Users/5335c2c8-89f0-4bac-86f9-9edb1aeb2dec",
"display": "goldfish-2",
"type": "User"
}
],
"displayName": "new-group-4",
"id": "798f4f38-b1bb-4d65-9ddd-c59527a8cfc3",
"meta": {
"resourceType": "Group",
"created": "2024-06-16T17:57:24.533Z",
"lastModified": "2024-06-17T16:59:59.064Z",
"location": "https://localhost:8444/realms/synchro-test/scim/v2/Groups/798f4f38-b1bb-4d65-9ddd-c59527a8cfc3"
}
}
As you can see. I cannot verify this issue.
Hi @Captain-P-Goldfish I just downloaded the 23.2.2.0 artifcat and started keycloak. I get the following checksum error. Also i find that the file size is around 7.8 MB.
Last week Friday, when i downloaded the same, it was around 10 MB and i was able to get it up and running.
Yes, the filesize has decreased since I resolved #115
the checksum error is expected since you installed the version 2.2.0-SNAPSHOT once before. Please take a look into the file snapshot-update-manual.txt
that is also displayed in your screenshot from above. This file tells you how to resolve this.
Thanks @Captain-P-Goldfish . It worked.
Hi @Captain-P-Goldfish ,
Users/Groups are pushed from OKTA through SCIM. Hence we have done Configuration through SCIM Server -> Service Provider inorder to receive the updates from OKTA into Keycloak. This is working fine.
Keycloak in turn pushes the Users/Groups to Spring Boot Application. Hence we have done the configuration through SCIM Client -> Remote Service Provider to push updates from Keycloak to Spring Boot App. This is also working fine.
When we create Users or Group, the data is propagated from OKTA -> Keycloak -> Spring Boot.
IF i try to add users to the group from keycloak UI, we get instant updates to spring boot.
However when we try to Add Members to the Group, the data is propagated from OKTA to Keycloak instanteously. However from keycloak to Spring boot it is not happening. The only issues is when users are added to the groups from OKTA.
Any pointers on how to achieve the instant group updates from keycloak to springboot, which are initated from OKTA?
Thanks in advance for your support.
Thanks, Saravana