search

keycloak / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
Apache License 2.0
637 stars 315 forks source link

How to get `IDPSSODescriptor` in newer keycloak releases? #820

Open james-callahan opened 1 year ago

james-callahan commented 1 year ago

provider_id = "saml-idp-descriptor" in keycloak_saml_client_installation_provider no longer seems to work.

> Error: error sending GET request to /admin/realms/MYREALM/clients/MYCLIENTUUID/installation/providers/saml-idp-descriptor: 404 Not Found. Response body: {"error":"Unknown Provider"}
│ 
│   with data.keycloak_saml_client_installation_provider.myinstallation,

Newer KeyCloak seems to make the document available at https://$HOST/realms/$REALM/protocol/saml/descriptor (it's non-client specific). Perhaps that should be exposed as a new terraform data source?

james-callahan commented 1 year ago

For what it's worth, I currently work around this via:

# Workaround https://github.com/mrparkers/terraform-provider-keycloak/issues/820
data "http" "keycloak_saml" {
  url = "${local.keycloak_base_url}/realms/${keycloak_realm.myrealm.realm}/protocol/saml/descriptor"
}

This does result in a warning in all plans/applies:

│ Warning: Content-Type is not recognized as a text type, got "application/xml;charset=UTF-8"
│ 
│   with module.keycloak.data.http.keycloak_saml,
│   on keycloak/main.tf line 68, in data "http" "keycloak_saml":
│   68: data "http" "keycloak_saml" {
│ 
│ If the content is binary data, Terraform may not properly handle the contents of the response.

So it's not a great long term option.