Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating of ClientScope doen't include creating new ProtocolMappers #183

Closed
ArtemZip opened this issue Sep 21, 2020 · 2 comments · Fixed by #184 or #186
Closed

Updating of ClientScope doen't include creating new ProtocolMappers #183

ArtemZip opened this issue Sep 21, 2020 · 2 comments · Fixed by #184 or #186
Labels
bug

Comments

@ArtemZip
Copy link

Describe the bug
I need to update std "profile" client scope with new protocol mapper. According to supported features this thing should work.

To Reproduce
Trying on keycloak 8 with latest version of your cli.
After importing empty realm, kc creates default clientScopes, one of them is profile. Then I import realm with next clientScopes

"clientScopes": [
        {
            "name": "profile",
            "protocolMappers": [
                {
                    "id": "tmp",
                    "name": "tmp",
                    "protocol": "openid-connect",
                    "protocolMapper": "oidc-usermodel-attribute-mapper",
                    "config": {
                        "user.attribute": "name",
                        "claim.name":  "tmp",
                        "access.token.claim":  "true",
                        "id.token.claim": "true",
                        "userinfo.token.claim": "true",
                        "jsonType.label":"String"
                    }
                }
            ]
        }
    ],

also, if i will add id of clientScope it will ignore that.
Also I tried to create new clientScope with same configs as default profile and got 409 from server.

Expected behavior
It should insert/update protocol mapper into clientScope.

Environment (please complete the following information):

  • Keycloak Version: 8
  • keycloak-config-cli Version: latest
  • Java Version: 11
@ArtemZip ArtemZip added the bug label Sep 21, 2020
@jkroepke
Copy link
Contributor

jkroepke commented Sep 21, 2020
edited
Loading

For any reason, we do not touch default clientScopes.

keycloak-config-cli/src/main/java/de/adorsys/keycloak/config/service/ClientScopeImportService.java

Lines 103 to 105 in 66675dd

if (!isNotDefaultScope(clientScope.getName(), existingDefaultClientScopes)) {
logger.debug("Ignore default clientScope '{}' in realm '{}'", clientScopeName, realm);
return;

I can't remember why.

Also I tried to create new clientScope with same configs as default profile and got 409 from server.

Normally, Keycloak should throw some log line at server side.

This was referenced Sep 21, 2020
Merged
Merged
@jkroepke jkroepke reopened this Sep 21, 2020
@jkroepke jkroepke mentioned this issue Sep 21, 2020
Merged
@jkroepke
Copy link
Contributor

Hi!

thanks for discover some bugs. I found 3 in total related to clientScopes.

See #184 and #186 for more informations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
2 participants
@jkroepke @ArtemZip