2026-01-13 20:23:26 +00:00
1 changed files with 12 additions and 2 deletions
--- a/services/keycloak/ldap-federation-job.yaml
+++ b/services/keycloak/ldap-federation-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-ldap-federation-1
+  name: keycloak-ldap-federation-2
  namespace: sso
 spec:
  backoffLimit: 2
@ -117,6 +117,16 @@ spec:

              token = wait_for_keycloak()

+              # Keycloak component "parentId" must be the realm UUID, not the realm name.
+              status, realm_rep, _ = http_json(
+                  "GET",
+                  f"{base_url}/admin/realms/{realm}",
+                  token,
+              )
+              if status != 200 or not realm_rep or not realm_rep.get("id"):
+                  raise SystemExit(f"Unable to resolve realm id for {realm} (status={status})")
+              realm_id = realm_rep["id"]
+
              # Find existing LDAP user federation provider (if any)
              status, components, _ = http_json(
                  "GET",
@ -138,7 +148,7 @@ spec:
                  "name": "openldap",
                  "providerId": "ldap",
                  "providerType": "org.keycloak.storage.UserStorageProvider",
-                  "parentId": realm,
+                  "parentId": realm_id,
                  "config": {
                      "enabled": ["true"],
                      "priority": ["0"],