Add support for declarative_user_profile

adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.

Apache License 2.0

734 stars 138 forks source link

Add support for declarative_user_profile #727

Closed ianwallen closed 2 years ago

ianwallen commented 2 years ago

Problem Statement

I enabled declarative_user_profile https://www.keycloak.org/docs/latest/server_admin/#enabling-the-user-profile

And then tried to import a realm with realm property userProfileEnabled set to true but I get an error indicating that the attribute is not supported.

Unrecognized field "userProfileEnabled" (class de.adorsys.keycloak.config.model.RealmImport), not marked as ignorable

I'm assuming that this has failing because it is a keycloak feature that is still in preview?

Proposed Solution

add support for userProfileEnabled?

Environment

Keycloak Version: 18.00
keycloak-config-cli Version: 5.2.0
Java Version: 11

Additional information

No response

Acceptance Criteria

No response

st3v0rr commented 2 years ago

Hi @ianwallen, your assumption is completely correct. I can reproduce the issue with the integration tests by enabling the features preview.

Unfortunatelly our tool relies on the representation types given by keycloak. In this case https://github.com/keycloak/keycloak/blob/18.0.0/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java The field "userprofileEnabled" is not present.

As long as the RealmRepresentations don't contain the required fields we are not able to provide a solution for this issue.

jkroepke commented 2 years ago

By reading https://github.com/keycloak/keycloak/blob/b17f0695ee47d94f5470420f8ad061d246ad73f2/services/src/main/java/org/keycloak/userprofile/DeclarativeUserProfileProvider.java#L499 the property userProfileEnabled should be under attributes, not a top level property.

st3v0rr commented 2 years ago

Thanks @jkroepke for your hint @ianwallen I have built a running solution provided in a branch: https://github.com/adorsys/keycloak-config-cli/tree/feature/userProfileEnabled (diff: https://github.com/adorsys/keycloak-config-cli/compare/feature/userProfileEnabled)

For me it worked starting keycloak in the docker compose file als mentioned in the readme an then using keycloak-config-cli-18.0.0.jar with the following commands.

Based on the checked out branch and its project root execute... docker-compose down --remove-orphans && docker-compose up keycloak

java -jar ~/Downloads/keycloak-config-cli-18.0.0.jar \ --keycloak.url=http://localhost:8080 \ --keycloak.ssl-verify=true \ --keycloak.user=admin \ --keycloak.password=admin123 \ --import.files.locations=./contrib/example-config/moped.json

ianwallen commented 2 years ago

@st3v0rr, @jkroepke Yes I see that it is in the attributes sections.

I had performed an export from keycloak to get the locations of the userProfileEnabled attribute and then searched for a key that was next to it. I happened to use the key "clientSessionIdleTimeout" which happens to be in both the attributes and off the root. I had not noticed that there was 2 occurrences and used the wrong one as the reference.

Thank you very much for pointing out my error.

We can close this issue.