-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
8.0.z.GA
-
False
-
None
-
False
-
Documentation (Ref Guide, User Guide, etc.), Migration, Compatibility/Configuration, User Experience
-
Regression
-
-
-
-
-
-
-
?
-
Workaround Exists
-
-
-
-
WildFly/EAP s2i process has a feature which is related to securing resources via Keycloak/RHBK SSO SAML integration. When some environment variables are set, the WildFly/EAP instance will create a SAML client automatically on Keycloak when connecting the Keycloak resource for the first time.
We have a test that started failing soon after migrating from RHSSO to RHBK. The test fails because the automatic registration of client doesn't happen, and this is eventually due to the fact that the realm defines a set of required actions - e.g.: verify email, or profile information - on first access. Such actions must be conigured to be optional for the test to work again.
If this is confirmed, then it should be evaluated what can be done on the WildFly/EAP side. Probably the s2i scripts can't do much on an already created realm, so this should be at least documented. Or maybe the s2i scripts can use the admin REST APIs to perform the additional configuration (i.e. set all the required actions to false), although this seems a bit out of concern.
BTW this is related to RHBK-1407
- is cloned by
-
JBEAP-27066 [QA](8.0.z) Keycloak OIDC integration - Client authentication default configuration in realm definition prevents successful authorization
- New