Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-13951

The Default and OptionalClientScopes parameters in the RealmRepresentation have no effect.

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Deferred
    • Affects Version/s: 9.0.0
    • Fix Version/s: None
    • Component/s: Admin - REST API
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      Login via kcadm.sh script:
      ./kcadm.sh config credentials --server http://x.x.x.x:8080/auth --realm master --user admin --password xxx

      Empty the list of default and optional client-scopes at the realm level:
      ./kcadm.sh update realms/master -s defaultDefaultClientScopes='[]'
      ./kcadm.sh update realms/master -s defaultOptionalClientScopes='[]'

      Verify the settings via the web interface:
      http://x.x.x.x:8080/auth/admin/master/console/#/realms/master/default-client-scopes

      Show
      Login via kcadm.sh script: ./kcadm.sh config credentials --server http://x.x.x.x:8080/auth --realm master --user admin --password xxx Empty the list of default and optional client-scopes at the realm level: ./kcadm.sh update realms/master -s defaultDefaultClientScopes='[]' ./kcadm.sh update realms/master -s defaultOptionalClientScopes='[]' Verify the settings via the web interface: http://x.x.x.x:8080/auth/admin/master/console/#/realms/master/default-client-scopes
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When creating or updating a realm, neither the DefaultClientScopes nor the DefaultOptionalClientScopes can be set.

      I have run the following command with the kcadm.sh tool to remove all DefaultClientScopes and DefaultOptionalClientScopes at the realm level

      ./kcadm.sh update realms/master -s defaultDefaultClientScopes='[]'
      ./kcadm.sh update realms/master -s defaultOptionalClientScopes='[]'

      Both requests are accepted without errors, but have no effect if I check the settings via the web interface at Assigned Default Client Scopes. After I manually removed the entries via the web interface, I tried to add an entry with the same command as above:

      ./kcadm.sh update realms/master -s defaultDefaultClientScopes='["email"]'

      This was also accepted without error but did not have any effect.

      The double "default" in the name of the DefaultClientScopes parameter is also very strange.

      When querying the whole realm neither of the two parameters appear in the returned realm representation.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                mposolda Marek Posolda
                Reporter:
                yannickguth Yannick Guth
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: