Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keycloak_openid_client.authorization decision_strategy field doesn't work #965

Open
javyen-xu opened this issue May 22, 2024 · 2 comments · May be fixed by #971
Open

keycloak_openid_client.authorization decision_strategy field doesn't work #965

javyen-xu opened this issue May 22, 2024 · 2 comments · May be fixed by #971

Comments

@javyen-xu
Copy link

TF code

resource "keycloak_openid_client" "openid_client" {
  realm_id  = data.keycloak_realm.realm.id
  client_id = "xxxx"

  name    = "xxxx"
  enabled = true

  access_type                  = "CONFIDENTIAL"
  client_authenticator_type    = "client-secret"
  standard_flow_enabled        = false
  implicit_flow_enabled        = false
  direct_access_grants_enabled = false
  service_accounts_enabled     = true
  valid_redirect_uris          = []
  web_origins                  = []

  authorization {
    policy_enforcement_mode          = "ENFORCING"
    decision_strategy                = "AFFIRMATIVE"
    allow_remote_resource_management = "true"
  }
}

After it's applied, the Keycloak console still shows Decision strategy as UNANIMOUS.

Screenshot 2024-05-22 at 10 35 07 AM

The RPT authorization result matches the Decision strategy in the Keycloak console.
missedone added a commit to missedone/terraform-provider-keycloak that referenced this issue Jun 1, 2024
@missedone
fixed keycloak#965 by loading the authorization settings
fe7f38d
@missedone missedone linked a pull request Jun 1, 2024 that will close this issue
Draft
missedone added a commit to missedone/terraform-provider-keycloak that referenced this issue Jun 1, 2024
@missedone
fixes keycloak#965 by loading the authorization settings
2ad9361
@missedone
Copy link

seems the issue also relate to this keycloak/keycloak#16998

@mustdiechik
Copy link

the same issue
keycloak:24.0.4
provider: 4.4.0

changing values via

resource "keycloak_openid_client" "some_client" {
...
  authorization {
    policy_enforcement_mode = "ENFORCING"
    decision_strategy = "UNANIMOUS"
    #policy_enforcement_mode = "PERMISSIVE"
    #decision_strategy = "AFFIRMATIVE"
  }

not work with both "policy_enforcement_mode" and "decision_strategy"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fixed #965 by loading the authorization settings missedone/terraform-provider-keycloak
3 participants
@missedone @javyen-xu @mustdiechik