sso: fix keycloak ldap provider parentId
parent
d70b685f27
commit
8a2f3c733e
@ -2,7 +2,7 @@
|
|||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
name: keycloak-ldap-federation-1
|
name: keycloak-ldap-federation-2
|
||||||
namespace: sso
|
namespace: sso
|
||||||
spec:
|
spec:
|
||||||
backoffLimit: 2
|
backoffLimit: 2
|
||||||
@ -117,6 +117,16 @@ spec:
|
|||||||
|
|
||||||
token = wait_for_keycloak()
|
token = wait_for_keycloak()
|
||||||
|
|
||||||
|
# Keycloak component "parentId" must be the realm UUID, not the realm name.
|
||||||
|
status, realm_rep, _ = http_json(
|
||||||
|
"GET",
|
||||||
|
f"{base_url}/admin/realms/{realm}",
|
||||||
|
token,
|
||||||
|
)
|
||||||
|
if status != 200 or not realm_rep or not realm_rep.get("id"):
|
||||||
|
raise SystemExit(f"Unable to resolve realm id for {realm} (status={status})")
|
||||||
|
realm_id = realm_rep["id"]
|
||||||
|
|
||||||
# Find existing LDAP user federation provider (if any)
|
# Find existing LDAP user federation provider (if any)
|
||||||
status, components, _ = http_json(
|
status, components, _ = http_json(
|
||||||
"GET",
|
"GET",
|
||||||
@ -138,7 +148,7 @@ spec:
|
|||||||
"name": "openldap",
|
"name": "openldap",
|
||||||
"providerId": "ldap",
|
"providerId": "ldap",
|
||||||
"providerType": "org.keycloak.storage.UserStorageProvider",
|
"providerType": "org.keycloak.storage.UserStorageProvider",
|
||||||
"parentId": realm,
|
"parentId": realm_id,
|
||||||
"config": {
|
"config": {
|
||||||
"enabled": ["true"],
|
"enabled": ["true"],
|
||||||
"priority": ["0"],
|
"priority": ["0"],
|
||||||
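Review bot: The payload now sends `"parentId": realm_id`, but nothing visible in these hunks deals with a provider that an earlier run of this job may already have created with `parentId` set to the realm name. Whether the "Find existing LDAP user federation provider" lookup that follows the new realm query still returns such a component, and whether the update path rewrites its `parentId`, is decided outside the hunks shown here. If it does not, the rerun could leave a stale `openldap` component beside the new one. I would state the intended behaviour above that lookup, for example `# A component left by an earlier run with parentId=<realm name> must be updated or removed here, not duplicated.` Separately, the `realm_rep.get("id")` guard assumes `http_json` returns a dict on a 200, which is worth confirming because the helper is not shown.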
|
|||||||