klausbetz / apple-identity-provider-keycloak

An extension for Keycloak, that enables web-based sign in with Apple and token exchange
Apache License 2.0

Session null pointer Exception #35

Closed AMB-Informacio closed 1 year ago

AMB-Informacio commented 1 year ago

We are having an error with version 21.0.1, on the callback from Apple login page.

@Context protected KeycloakSession session; at AppleIdentityProviderEndpoint seems to be null

This is the log:

Uncaught server error: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.KeycloakSession.getContext()" because "this.session" is null
at at.klausbetz.provider.AppleIdentityProviderEndpoint.authResponse(AppleIdentityProviderEndpoint.java:73)

Note that it's deployed on AWS using a ECS with two tasks. We don't know if this can be the source of the problem.

Thanks!

klausbetz commented 1 year ago

Hi @AMB-Informacio,

This extension officially doesn't support Keycloak 21.0 and above.
Anyways, which version of the extension do you use in your deployment?

AMB-Informacio commented 1 year ago

We installed and configured it with Keycloak 19, with a previous version of this extension (1.2.0). It didn't work then; I understand the problem wasn't exactly the same, but it also was in the callback.

Recently we have updated to Keycloak 21 and the version 1.4.1 of this extension.

klausbetz commented 1 year ago

Seems to be related to https://github.com/keycloak/keycloak/discussions/19356

wcislo-saleor commented 1 year ago

@klausbetz

Do you have any insights into what changes in Keycloak 21 led to the reported NullPointerException error?

To my understanding, Keycloak 21 no longer provides a way to configure additional identity providers through the user interface due to the deletion of the old Admin UI, and this is the reason why apple-identity-provider-keycloak currently does not support Keycloak 21.

I made an experiment and configured apple-identity-provider-keycloak (version 1.4.1) on Keycloak 20.0.5 programmatically with Terraform (https://github.com/mrparkers/terraform-provider-keycloak), without use of the Admin UI. Excerpt of the manifest below.

resource "keycloak_oidc_identity_provider" "apple" {
  realm         = keycloak_realm.realm.id
  provider_id   = "apple"
  alias         = "apple"

  default_scopes = "name email"
  trust_email    = true
  sync_mode      = "IMPORT"

  client_id    = var.keycloak_apple_idp_client_id
  extra_config = {
    "teamId"    = var.keycloak_apple_idp_team_id
    "keyId"     = var.keycloak_apple_idp_key_id
    "p8Content" = var.keycloak_apple_idp_key_content
  }

  # Required by Terraform provider but not Keycloak's Apple plugin
  client_secret     = "required.but.not.necessary"
  authorization_url = "https://required.but.not.necessary"
  token_url         = "https://required.but.not.necessary"
}

With the identity provider created this way I was successfully able to log in using my Apple ID. Starting from scratch, I configured apple-identity-provider-keycloak in the same way on Keycloak 21.0.2. Upon attempting to log in with my Apple ID I encounter the error reported in this issue.

While the lack of the old Admin UI is an issue, it seems that it could be circumvented (at least temporarily) by configuring this identity provider programmatically. At the same time, the fix for the NullPointerException error would be required for the identity provider to work correctly on Keycloak 21. Any insights into the reasons why the same code works on Keycloak 20 but no longer on Keycloak 21 would be greatly appreciated.

wcislo-saleor commented 1 year ago

I did some more digging and found out how to fix this error on Keycloak 21.0.2. That does not solve the issue of provider configuration, but it might be a step forward towards making the provider compatible with Keycloak 21.

AMB-Informacio commented 1 year ago

Thanks @wcislo-saleor ! It worked for me.

In fact, if values can come from the constructor, I prefer that way. I forked the project and did the same.

After that I set some missing config values directly in the database, something like:

-- placeholder values; the id comes from the identity_provider table of the realm
insert into identity_provider_config
(identity_provider_id, value, name)
VALUES
  ('provider-realm-bindingid-from-identity_provider-table', 'XXXXX - The large value, clientSecret from Apple', 'p8Content'),
  ('provider-realm-bindingid-from-identity_provider-table', 'keyIdValueFromApple', 'keyId'),
  ('provider-realm-bindingid-from-identity_provider-table', 'AppleTeamId', 'teamId'),
  ('provider-realm-bindingid-from-identity_provider-table', 'AppleClientId', 'clientId');
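To make the "values from the constructor" fix discussed above concrete, here is an added illustration (not code from this extension or from Keycloak) of the `@Context`-injected endpoint beside a constructor-fed one. The class names `EndpointBefore` and `EndpointAfter` and the `callback(...)` sketch are assumptions; the `javax.ws.rs` imports match the Keycloak 21 line, which predates the move to `jakarta`.

```java
import javax.ws.rs.POST;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import java.util.Objects;
import org.keycloak.broker.provider.IdentityProvider.AuthenticationCallback;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;

// Before (the shape reported in the issue): the field relies on the JAX-RS runtime injecting the
// request-scoped session into a sub-resource object the provider instantiated itself. On
// Keycloak 21 that injection no longer reaches this field, so "this.session" stays null and the
// first session.getContext() call throws the NullPointerException quoted in the log.
class EndpointBefore {
    @Context
    protected KeycloakSession session;

    @POST
    public Response authResponse() {
        return Response.ok(session.getContext().getRealm().getName()).build(); // NPE on KC 21
    }
}

// After: the provider already holds the session (AbstractIdentityProvider keeps it as a
// protected field), so hand it to the endpoint explicitly. Nothing is injected at request time.
class EndpointAfter {
    private final KeycloakSession session;
    private final RealmModel realm;
    private final AuthenticationCallback callback;
    private final EventBuilder event;

    EndpointAfter(KeycloakSession session, RealmModel realm,
                  AuthenticationCallback callback, EventBuilder event) {
        // Fail fast at construction instead of deep inside the Apple callback handling.
        this.session = Objects.requireNonNull(session, "KeycloakSession must be provided");
        this.realm = realm;
        this.callback = callback;
        this.event = event;
    }

    @POST
    public Response authResponse() {
        // Safe here: the reference came from the provider instance, not from field injection.
        return Response.ok(session.getContext().getRealm().getName()).build();
    }
}

// Sketch of the wiring in the provider (a subclass of AbstractOAuth2IdentityProvider), which
// passes on the session it received in its own constructor:
//   @Override
//   public Object callback(RealmModel realm, AuthenticationCallback callback, EventBuilder event) {
//       return new EndpointAfter(session, realm, callback, event);
//   }
```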