Open drduker opened 2 months ago
Correction: authentications are only useful if you have a single execution per flow. But no one does that.
Example JSON of one that works by manually adding configuration:
"authenticationExecutions": [
  {
    "authenticator": "auth-cookie",
    "authenticatorFlow": false,
    "requirement": "ALTERNATIVE",
    "priority": 0,
    "autheticatorFlow": false,
    "userSetupAllowed": false
  },
  {
    "authenticator": "auth-x509-client-username-form",
    "authenticatorFlow": false,
    "requirement": "ALTERNATIVE",
    "priority": 1,
    "autheticatorFlow": false,
    "userSetupAllowed": false
  },
  {
    "authenticatorFlow": true,
    "requirement": "ALTERNATIVE",
    "priority": 2,
    "autheticatorFlow": true,
    "flowAlias": "MFA Login",
    "userSetupAllowed": false
  }
]
What this provider creates, a configuration with broken code:
  {
    "authenticatorFlow": true,
    "requirement": "ALTERNATIVE",
    "priority": 0,
    "autheticatorFlow": true,
    "flowAlias": "mfa_login",
    "userSetupAllowed": false
  },
  {
    "authenticator": "auth-x509-client-username-form",
    "authenticatorFlow": false,
    "requirement": "ALTERNATIVE",
    "priority": 0,
    "autheticatorFlow": false,
    "userSetupAllowed": false
  },
  {
    "authenticator": "auth-cookie",
    "authenticatorFlow": false,
    "requirement": "ALTERNATIVE",
    "priority": 0,
    "autheticatorFlow": false,
    "userSetupAllowed": false
  }
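Added example (not part of the original issue and not the provider's code): a check over a realm export that flags every flow in which two or more executions share a priority, which is the condition shown in the second snippet above. The `authenticationFlows`/`alias` wrapper, the flow names and the helper names are assumptions; the sample data is constructed from the two snippets.

```python
import json
from collections import defaultdict

# Constructed sample modelled on the two snippets in the issue; the
# "authenticationFlows"/"alias" wrapper and flow names are assumptions.
SAMPLE_REALM = json.loads("""
{
  "authenticationFlows": [
    {"alias": "browser-manual", "authenticationExecutions": [
      {"authenticator": "auth-cookie", "requirement": "ALTERNATIVE", "priority": 0},
      {"authenticator": "auth-x509-client-username-form", "requirement": "ALTERNATIVE", "priority": 1},
      {"flowAlias": "MFA Login", "requirement": "ALTERNATIVE", "priority": 2}
    ]},
    {"alias": "browser-provider", "authenticationExecutions": [
      {"flowAlias": "mfa_login", "requirement": "ALTERNATIVE", "priority": 0},
      {"authenticator": "auth-x509-client-username-form", "requirement": "ALTERNATIVE", "priority": 0},
      {"authenticator": "auth-cookie", "requirement": "ALTERNATIVE", "priority": 0}
    ]}
  ]
}
""")

def execution_name(execution):
    """Label an execution by its authenticator, or by its subflow alias."""
    return execution.get("authenticator") or "subflow:" + execution.get("flowAlias", "?")

def ambiguous_flows(realm):
    """Return {flow alias: {priority: [names]}} for priorities shared by 2+ executions."""
    findings = {}
    for flow in realm.get("authenticationFlows", []):
        by_priority = defaultdict(list)
        for execution in flow.get("authenticationExecutions", []):
            by_priority[execution.get("priority", 0)].append(execution_name(execution))
        clashes = {p: names for p, names in by_priority.items() if len(names) > 1}
        if clashes:
            findings[flow.get("alias", "?")] = clashes
    return findings

def effective_order(flow):
    """Sort by priority; ties keep list order here, which Keycloak need not honour."""
    ordered = sorted(flow.get("authenticationExecutions", []), key=lambda e: e.get("priority", 0))
    return [execution_name(e) for e in ordered]

if __name__ == "__main__":
    for alias, clashes in ambiguous_flows(SAMPLE_REALM).items():
        print(f"{alias}: execution order is undefined for {clashes}")
```

Run against a real export by replacing `SAMPLE_REALM` with the parsed export file; an empty result means every flow has a distinct priority per execution.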
Hi @drduker, thanks for reporting. Could you please provide an example pulumi program which shows the issue?
The problem is that executions and subflows have a specific order. Within the GUI you can move them up and down, and the order certainly matters. However, there is no usage available to define priority within inputs, which sets the order within Keycloak - https://www.pulumi.com/registry/packages/keycloak/api-docs/authentication/execution/#inputs
https://www.keycloak.org/docs-api/latest/rest-api/index.html#AuthenticatorConfigRepresentation
Terraform has a similar issue: https://github.com/mrparkers/terraform-provider-keycloak/issues/296
This provider is generated from the mrparkers Terraform provider, so we will pick up the fix to https://github.com/mrparkers/terraform-provider-keycloak/issues/296 as soon as the upstream provider fixes it.
Describe what happened
All executions and subflows have a priority of zero if not settable, and there is no way to set it with the current usage, so it makes setting up authentication flows useless.
Sample program
na
Log output
No response
Affected Resource(s)
No response
Output of pulumi about
pulumi creates, but what it creates is unusable
Additional context
No response