-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
8.0.z.GA
-
False
-
None
-
False
-
Documentation (Ref Guide, User Guide, etc.), Migration, Compatibility/Configuration, User Experience
-
Regression
-
-
-
-
-
-
-
?
-
Workaround Exists
-
-
-
-
The Keycloak/RHBK operator lets users provide realm import definitions so that applications can connect to delegate access control to resources for users in a given realm.
We have a test that started failing soon after migrating from RHSSO to RHBK. The test validates securing resources on OpenShift via OIDC based SSO, and it fails an authentication which is expected to be successful because the client .publicClient property is set to false by default now.
Something like the following error is traced by the RHBK instance logs:
type=CODE_TO_TOKEN_ERROR, realmId=basic-auth, clientId=basic-auth-service, userId=xxx, ipAddress=xxx.xxx.xxx.xx, error=invalid_code, grant_type=authorization_code
This seems to be change in behavior causing a regression when compared to the RHSSO integration, which impacts users/customers experience when migrating the described configuration from RHSSO to RHBK.
BTW this is related to RHBK-1408
- clones
-
JBEAP-27065 [QA](8.0.z) s2i Keycloak SAML integration - RequiredActions configuration prevents automatic registration of clients
- New
- is cloned by
-
JBEAP-27067 [QA](8.0.z) s2i Keycloak OIDC integration - APPLICATION_NAME env variable is not properly documented
- New