Update of a SAML federation does not work (from realm json)
semangard opened this issue · 4 comments
Describe the bug
A SAML identity provider is not updated from the realm JSON (e.g. the SAML signature validation).
To Reproduce
- Create a SAML Identity provider on a realm
- Try to update a realm in order to activate the SAML signature's validation of this provider (updated realm JSON)
=> The SAML Identity provider is not updated.
Expected behavior
The realm and its SAML Identity provider should be updated.
Environment (please complete the following information):
- Keycloak Version : 11.0.3
- Library Version : 1.14.10
In fact it is even worse:
- if I delete the Identity provider
- this one is not re-created from the realm JSON
- this one is only created if the realm is also re-created....
I think you are not using the right methods to update the identity providers. To change an existing SAML idp to set validateSignature to true you can do this:

```js
// Fetch the current representation of the SAML identity provider
const idp = await kcAdminClient.identityProviders.findOne({
  alias: 'saml',
});
// Send the full representation back with one config key changed
await kcAdminClient.identityProviders.update(
  {alias: 'saml'},
  {
    ...idp,
    // only change the validateSignature
    config: {...idp.config, validateSignature: "true"},
  },
);
```
Thanks for your feedback.
Yes I could BUT :-) I would prefer to manage everything from a single JSON: the JSON of the realm.
It works for the realm's creation but not later (e.g. for a realm's update).
It would be great to have a lib that could do this cleverly using the appropriate API if there are some gaps or limitations in the Keycloak API.
Hope you see what I mean.
This library is simple and only calls the Keycloak API. I don't think the realm API was meant to be used / designed like this. One thing that you could try if you really just want it to work like this is deleting the realm and then recreating it.
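
As an added example (not code from this thread or from the library): one way to apply the `identityProviders` entries of a realm JSON through the identity-provider calls shown above and read each one back, so that a `validateSignature` change that did not take effect is reported instead of assumed. `reconcileIdps` and `driftKeys` are hypothetical names, and `client` is assumed to be an authenticated admin client, already pointed at the target realm, that exposes `identityProviders.findOne`, `create` and `update`.

```javascript
// Added example; reconcileIdps and driftKeys are hypothetical helper names.
// Only `config` keys are compared; other top-level fields are out of scope here.

// Config keys whose desired value differs from what the server reports.
function driftKeys(desired, current) {
  const have = (current && current.config) || {};
  return Object.entries(desired.config || {})
    .filter(([key, value]) => String(have[key]) !== String(value))
    .map(([key]) => key);
}

async function reconcileIdps(client, realmJson) {
  const report = [];
  for (const desired of realmJson.identityProviders || []) {
    const { alias } = desired;
    const current = await client.identityProviders.findOne({ alias });
    let action = 'unchanged';
    if (!current) {
      // Assumption: findOne yields null/undefined for an unknown alias.
      await client.identityProviders.create(desired);
      action = 'created';
    } else if (driftKeys(desired, current).length > 0) {
      // Send the full representation, overriding only what the JSON sets.
      await client.identityProviders.update({ alias }, {
        ...current,
        ...desired,
        config: { ...current.config, ...desired.config },
      });
      action = 'updated';
    }
    // Read back: do not assume the write was applied.
    const after = await client.identityProviders.findOne({ alias });
    report.push({
      alias,
      action,
      unapplied: driftKeys(desired, after),
      validateSignature: Boolean(
        after && after.config && after.config.validateSignature === 'true'),
    });
  }
  return report;
}
```

A non-empty `unapplied` list or `validateSignature: false` in the report marks a provider whose server-side state still differs from the realm JSON.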