Uploaded image for project: 'Red Hat Developer Hub Bugs'
  1. Red Hat Developer Hub Bugs
  2. RHDHBUGS-2309

Subgroups imports not working for Keycloak >26.4.0

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • 1.9.0
    • 1.9.0
    • Keycloak Provider
    • None
    • 3
    • False
    • Hide

      None

      Show
      None
    • False

      Description of problem:

      Starting with Keycloak 26.4.0 the serverinfo endpoints stopped serving the systemInfo containing the Keycloak version which is used to determine the mechanism for loading the subgroups.

      From the Release Notes:

      The serverinfo endpoint only returns the system info for administrators in the administrator realm
      Starting with this version, the serverinfo endpoint, which is used by the admin console to obtain some general information of the Keycloak installation, will only return the system information for administrators in the administration (master) realm. This change was done for security reasons.
      If, for whatever reason, an administrator in a common realm needs to access the systemInfo, cpuInfo or memoryInfo fields of the serverinfo response, you need to create and assign a new view-system role to that admin user:
      In the affected realm, select the management client realm-management, and, in the Roles tab, create a new role called view-system.
      In Users select the administrator account, and, in the Role mapping tab, assign the just created view-system client role to the admin user.
      The previous workaround is marked as deprecated and it can be removed in a future version of Keycloak.

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. Add multiple subgroups in Keycloak
      2. Start Backstage
      3. Only the root groups are available, subgroups are not shown

      The problem is that Keycloak > 26.4.0 removed the systeminfo from the serverinfo endpoint and without that the current switch which selects the used API methods to receive the subgroups use always the API for Keycloak versions < 23.

      serverInfo is called here: https://github.com/backstage/community-plugins/blob/8d37a31170451581e4f3aba9c0734d5c2f036e13/workspaces/keycloak/plugins/catalog-backend-module-keycloak/src/lib/read.ts#L294-L322 

      Actual results:

      The subgroups are not loaded, cause the current switch for the loading mechanism used the Keycloak version which is now not available.

      Expected results:

      The subgroups are loaded as expected over the API added by Keycloak 23.

      Reproducibility (Always/Intermittent/Only Once):

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):

              Unassigned Unassigned
              rh-ee-dzemanov Dominika Zemanovicova
              RHIDP - Plugins
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: