Open akikoskinen opened 1 year ago
Thanks @akikoskinen for reporting this. Could you provide a reproducer for this similar to that one? https://github.com/adorsys/keycloak-config-cli/issues/623
Here are files to reproduce this. I took an existing test file as a base, slightly modified to suit this case (the filenames have a .txt extension, although they are JSON files, since GitHub doesn't accept files with a .json extension).
This realm file adds an identity provider with a custom first (and post, I'll return to this later) login flow.
In the next step the identity provider's first login flow is reset to Keycloak's built-in "first broker login" authentication flow and the custom authentication flow ("my custom first login flow") is removed.
01a-reset-first-login-flow.json.txt
Applying this realm change causes the error and is all for reproducing the original bug reported in this issue.
But I found out that this same issue also concerns the identity provider's post login flow. The 00-initialize.json file also sets a custom post login flow for the identity provider. If in a second step the post login flow is reset (this time to an empty value, which removes any post login flow from the identity provider) and the custom authentication flow is removed, the same error occurs.
01b-reset-post-login-flow.json.txt
Applying these realm files doesn't need any special options to be used. I used something like

```
java -jar ./keycloak-config-cli-19.0.3.jar --keycloak.url=http://localhost:8080/auth --keycloak.user=admin --keycloak.password=admin --import.files.locations=./00-initialize.json
```
Current Behavior
A custom authentication flow has been set as an identity provider's first broker login flow alias. In one step the identity provider's first broker login flow alias value is changed to another authentication flow and the previous authentication flow is removed.
Keycloak-config-cli tries to first remove the authentication flow. This results in a 500 response from Keycloak. Keycloak's log shows:
Cannot remove authentication flow, it is currently in use
Expected Behavior
Keycloak-config-cli should first change the identity provider's first broker login flow alias to the new value. The authentication flow should be removed only after that.
Steps To Reproduce
No response
Environment
Anything else?
This is similar to #349 in the sense that things should be done in the correct order.
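
The ordering asked for under "Expected Behavior", as an added example that is not part of the original issue and is not keycloak-config-cli's code: a planner that re-points identity providers before deleting any flow they reference, covering both the first and post broker login aliases. The realm dictionaries, the `saml-idp` alias and the post login flow name are constructed sample values; `plan` and `removable_flows` are hypothetical helper names.

```python
# Added example (not keycloak-config-cli code): order realm changes so identity
# providers are re-pointed before any flow they still reference is deleted.
FLOW_REFS = ("firstBrokerLoginFlowAlias", "postBrokerLoginFlowAlias")


def removable_flows(current, desired):
    """Custom (non-built-in) flows present now but absent from the import."""
    wanted = {f["alias"] for f in desired.get("authenticationFlows", [])}
    return {f["alias"] for f in current.get("authenticationFlows", [])
            if not f.get("builtIn") and f["alias"] not in wanted}


def plan(current, desired):
    """Return ordered (action, target) steps; raise if a removed flow stays referenced."""
    doomed = removable_flows(current, desired)
    target = {i["alias"]: i for i in desired.get("identityProviders", [])}
    updates = []
    for idp in current.get("identityProviders", []):
        new = target.get(idp["alias"])
        if new is None:
            continue  # provider absent from the import: out of scope here
        for ref in FLOW_REFS:
            if new.get(ref) in doomed:
                raise ValueError(f"{idp['alias']}.{ref} still points at a removed flow")
        if any(idp.get(ref) in doomed for ref in FLOW_REFS):
            updates.append(("update-identity-provider", idp["alias"]))
    # Deletions come last, once nothing references the flows any more.
    return updates + [("delete-flow", alias) for alias in sorted(doomed)]


# Constructed sample state modelled on the reproducer steps described in the issue.
CURRENT = {
    "authenticationFlows": [
        {"alias": "first broker login", "builtIn": True},
        {"alias": "my custom first login flow", "builtIn": False},
        {"alias": "my custom post login flow", "builtIn": False},
    ],
    "identityProviders": [{
        "alias": "saml-idp",
        "firstBrokerLoginFlowAlias": "my custom first login flow",
        "postBrokerLoginFlowAlias": "my custom post login flow",
    }],
}
DESIRED = {
    "identityProviders": [{
        "alias": "saml-idp",
        "firstBrokerLoginFlowAlias": "first broker login",
        "postBrokerLoginFlowAlias": "",
    }],
}
```
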