adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
Apache License 2.0

Support multiple post.logout.redirect.uris #800

Open andres32168 opened 2 years ago

andres32168 commented 2 years ago

Problem Statement

Currently it's not possible to add more than 1 post.logout.redirect.uri in yaml config

This is possible: ` clients:

This is not possible and will give an error

Cannot deserialize value of type java.lang.String from Array value (token JsonToken.START_ARRAY) at [Source: UNKNOWN; byte offset: #UNKNOWN] (through reference chain: de.adorsys.keycloak.config.model.RealmImport["clients"]->java.util.ArrayList[6]->org.keycloak.representations.idm.ClientRepresentation["attributes"]->java.util.LinkedHashMap["post.logout.redirect.uris"])

`

Proposed Solution

No response

Environment

Additional information

It's possible to allow all configured redirect.uris with +

like post.logout.redirect.uris: '+'

This is only a workaround because post.logout.redirect.uris and redirect.uris can be different.

Acceptance Criteria

tbroyer commented 2 years ago

AFAIK, attributes are all strings. For multivalued attributes, values are simply separated by ##, so

post.logout.redirect.uris: "/URI1##/URI2##/URI3"

keycloak-config-cli format is (almost) the same as that of an export from Keycloak itself, where you can see this ## separator. Or in the code, see: https://github.com/keycloak/keycloak/blob/6efa45f93ee385ede866d66ebb0f6284abdb4f57/services/src/main/java/org/keycloak/protocol/oidc/AbstractClientConfigWrapper.java#L65-L69 and https://github.com/keycloak/keycloak/blob/f49582cf63db5b83b399e43a1530b06b18edfad4/server-spi-private/src/main/java/org/keycloak/models/Constants.java#L109-L114

thomasdarimont commented 2 years ago

How about creating a PR with a doc snippet for https://github.com/adorsys/keycloak-config-cli/blob/main/docs/FEATURES.md ?

Motouom commented 5 days ago

Hello @andres32168.

You are getting the error because you are importing the post.logout.redirect.uris in the wrong way. To do so in the right way, you can refer to this part of the code to see how it is done.

What it says is that you need to use ## to add multiple values into a single string, like on the post.logout.redirect.uris

Here are the steps on how to go about it:

  1. Open the import
  2. On your attributes where you want to add multiple post.logout.redirect.uris, you need to go as such:
      "attributes": {
        "post.logout.redirect.uris": "https://app1.example.com/logout##https://app2.example.com/logout##https://app3.example.com/logout"
      },

Or get a sample config file to test

{
  "realm": "your-realm",
  "clients": [
    {
      "clientId": "your-client-id",
      "enabled": true,
      "redirectUris": [
        "https://app1.example.com/callback",
        "https://app2.example.com/callback",
        "https://app3.example.com/callback"
      ],
      "webOrigins": [
        "https://app1.example.com",
        "https://app2.example.com",
        "https://app3.example.com"
      ],
      "attributes": {
        "post.logout.redirect.uris": "https://app1.example.com/logout##https://app2.example.com/logout##https://app3.example.com/logout"
      },
      "protocol": "openid-connect",
      "publicClient": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": true,
      "serviceAccountsEnabled": false,
      "authorizationServicesEnabled": false,
      "fullScopeAllowed": true
    }
  ]
}

Once you load it, this is what you should see on your UI. [Image]
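
A pre-import check for the `##` format discussed in this thread, as an added example that is not part of the original comments or of keycloak-config-cli: it flags non-string attribute values (the shape behind the deserialization error above) and reviews each post-logout URI in the joined string. The names `join_uris` and `lint_realm`, the sample clients, and the wildcard and https rules are assumptions of this example.

```python
from urllib.parse import urlsplit

SEP = "##"  # separator for multivalued client attributes, as described in the thread
ATTR = "post.logout.redirect.uris"

def join_uris(uris):
    """Build the single-string attribute value from a list of URIs."""
    for uri in uris:
        if SEP in uri:
            raise ValueError(f"URI contains the separator {SEP!r}: {uri}")
    return SEP.join(uris)

def lint_realm(realm):
    """Return (clientId, message) findings for a parsed realm import."""
    findings = []
    for client in realm.get("clients", []):
        cid = client.get("clientId", "<no clientId>")
        attrs = client.get("attributes") or {}
        for name, value in attrs.items():
            if not isinstance(value, str):
                # The shape that triggers the deserialization error in the issue
                findings.append((cid, f"{name}: expected string, got {type(value).__name__}"))
        value = attrs.get(ATTR)
        if not isinstance(value, str):
            continue
        for uri in value.split(SEP):
            if uri == "+":
                findings.append((cid, "'+' allows every configured redirectUris entry"))
            elif not uri:
                findings.append((cid, "empty entry (doubled or trailing separator)"))
            elif "*" in uri:  # assumed policy of this example: no wildcards
                findings.append((cid, f"wildcard in URI: {uri}"))
            elif not uri.startswith("/") and urlsplit(uri).scheme != "https":
                findings.append((cid, f"not https: {uri}"))
    return findings

# Constructed sample input (hypothetical clients, not taken from the issue)
SAMPLE = {"realm": "your-realm", "clients": [
    {"clientId": "array-client", "attributes": {ATTR: ["https://app1.example.com/logout"]}},
    {"clientId": "loose-client", "attributes": {
        ATTR: "+##http://app3.example.com/logout##https://app4.example.com/*"}},
    {"clientId": "ok-client", "attributes": {ATTR: join_uris(["https://app1.example.com/logout", "/URI2"])}},
]}

if __name__ == "__main__":
    for cid, msg in lint_realm(SAMPLE):
        print(f"{cid}: {msg}")
```
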