[keycloak-user] How to add executions to a flow?

Dmitry Telegin dt at acutus.pro
Mon Aug 6 06:54:59 EDT 2018


Hi Julien,

Executions are added to the flow in a slightly different way. You need to use another endpoint and add executions one by one. Try the following:

./kcadm.sh create authentication/flows/foo/executions/execution -f create.json

with:

{
  "provider" : "idp-create-user-if-unique"
}

The "provider" attribute is the only mandatory one. (NB it's "provider", not "providerId"). This will respond with "Created new execution with id '...'", and you will need to parse the ID.

The execution will be created as disabled by default. To enable it, use "kcadm.sh update":

./kcadm.sh update authentication/flows/foo/executions -f update.json

with:

{
  "id" : "<execution ID>",
  "requirement" : "ALTERNATIVE",
  "displayName" : "Create User If Unique",
  "requirementChoices" : [ "ALTERNATIVE", "REQUIRED", "DISABLED" ],
  "configurable" : true,
  "providerId" : "idp-create-user-if-unique",
  "level" : 0,
  "index" : 0
}

BTW the best way to discover how to create things with kcadm is to open the Keycloak admin console in the browser, open the Network console (F12 -> Network), perform the desired actions and analyze the payloads that the GUI sends to the REST backend.

Good luck!
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Thu, 2018-08-02 at 09:51 +0200, Julien Pivotto wrote:
> -- PART 0 --
> 
> When I run:
> ./bin/kcadm.sh create authentication/flows -r foo -f test.json
> 
> with:
> {
>   "id" : "testtest2",
>   "alias" : "first broker login without review 2",
>   "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
>   "providerId" : "basic-flow",
>   "topLevel" : true,
>   "builtIn" : false,
>   "authenticationExecutions" : [ {
>     "authenticator" : "idp-create-user-if-unique",
>     "requirement" : "ALTERNATIVE",
>     "priority" : 20,
>     "userSetupAllowed" : false,
>     "autheticatorFlow" : false
>   } ]
> }
> 
> Then the authenticationExecutions is discarded and the flow has no execution.
> 
> 
> -- PART 1 --
> 
> When I run:
> ./bin/kcadm.sh create authentication/flows/first%20broker%20login%20without%20review/executions -r foo -f test.json
> 
> 
> 
> with:
> 
> [ {
>   "id" : "c0f4ae10-7e26-4566-a113-b1235920f69a",
>   "requirement" : "ALTERNATIVE",
>   "displayName" : "Create User If Unique",
>   "requirementChoices" : [ "ALTERNATIVE", "REQUIRED", "DISABLED" ],
>   "configurable" : true,
>   "providerId" : "idp-create-user-if-unique",
>   "level" : 0,
>   "index" : 0
> }, {
>   "id" : "31882673-e8fc-4b24-8e11-4dd400acb9c7",
>   "requirement" : "ALTERNATIVE",
>   "displayName" : "Link IDP Login",
>   "requirementChoices" : [ "ALTERNATIVE", "DISABLED" ],
>   "configurable" : false,
>   "providerId" : "link-idp-login-authenticator",
>   "level" : 0,
>   "index" : 1
> } ]
> 
> I get a 500
> 
> 09:36:47,808 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-2) Uncaught server error: com.fasterxml.jackson.databind.JsonMappingException: Can not deserialize instance of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation out of START_ARRAY token
>  at [Source: io.undertow.servlet.spec.ServletInputStreamImpl at 41d5dda8; line: 1, column: 1]
>         at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270)
>         at com.fasterxml.jackson.databind.DeserializationContext.reportMappingException(DeserializationContext.java:1234)
>         at com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1122)
>         at com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1075)
>         at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromArray(BeanDeserializerBase.java:1371)
>         at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:174)
>         at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:150)
>         at com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:1583)
>         at com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:964)
>         at org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.readFrom(ResteasyJackson2Provider.java:134)
>         at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:66)
>         at org.jboss.resteasy.core.interception.ServerReaderInterceptorContext.readFrom(ServerReaderInterceptorContext.java:61)
>         at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:56)
>         at org.jboss.resteasy.security.doseta.DigitalVerificationInterceptor.aroundReadFrom(DigitalVerificationInterceptor.java:36)
>         at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:59)
>         at org.jboss.resteasy.core.MessageBodyParameterInjector.inject(MessageBodyParameterInjector.java:151)
>         at org.jboss.resteasy.core.MethodInjectorImpl.injectArguments(MethodInjectorImpl.java:92)
> 
> 
> -- THEREFORE --
> 
> How can I create a flow with executions with the cli?
> 

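Added example (not part of the original message or of Keycloak): the create-then-update procedure from the reply as one shell function that fails closed when the execution ID cannot be parsed. It assumes kcadm.sh is already logged in, that "-f -" reads the body from stdin, and that a reduced update body is accepted; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example; constructed, not taken from the thread.
KCADM="${KCADM:-./kcadm.sh}"   # assumption: kcadm.sh is here and already logged in

# Pull the ID out of "Created new execution with id '<id>'" (read from stdin).
parse_execution_id() {
  sed -n "s/.*Created new execution with id '\([^']*\)'.*/\1/p" | head -n 1
}

# Only the requirement values listed in the thread's payload are accepted.
valid_requirement() {
  case "$1" in ALTERNATIVE|REQUIRED|DISABLED) return 0 ;; *) return 1 ;; esac
}

# Flow aliases may contain spaces; the thread passes them as %20 in the path.
encode_alias() {
  printf '%s' "$1" | sed 's/ /%20/g'
}

# Update body. Assumption: id + requirement + providerId is enough; the
# thread sends the full representation copied from the admin console.
update_payload() {  # <execution id> <requirement> <provider>
  printf '{ "id" : "%s", "requirement" : "%s", "providerId" : "%s" }' "$1" "$2" "$3"
}

# Create one execution, then set its requirement. Returns non-zero without
# sending the update if the ID cannot be parsed; prints the ID on success.
add_execution() {  # <realm> <flow alias> <provider> <requirement>
  local realm="$1" flow provider="$3" req="$4" out id
  flow=$(encode_alias "$2")
  valid_requirement "$req" || { echo "bad requirement: $req" >&2; return 2; }
  # Reject anything that could break out of the JSON string.
  case "$provider" in ''|*[!a-z0-9-]*) echo "bad provider: $provider" >&2; return 2 ;; esac
  out=$(printf '{ "provider" : "%s" }' "$provider" |
        "$KCADM" create "authentication/flows/$flow/executions/execution" -r "$realm" -f - 2>&1) ||
    { echo "$out" >&2; return 1; }
  id=$(printf '%s\n' "$out" | parse_execution_id)
  [ -n "$id" ] || { echo "no execution ID in: $out" >&2; return 1; }
  update_payload "$id" "$req" "$provider" |
    "$KCADM" update "authentication/flows/$flow/executions" -r "$realm" -f - >&2 || return 1
  printf '%s\n' "$id"
}
```

Call it once per execution, in the order the flow should evaluate them, for example: add_execution foo "first broker login without review" idp-create-user-if-unique ALTERNATIVE
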
