[keycloak-user] Setting authentication execution requirement via kcadm.sh?

Craig Setera craig at baseventure.com
Mon Oct 15 08:21:30 EDT 2018


I'm trying to figure out if it is possible to set the "requirement" level
of an execution that is created for an authentication flow via the kcadm
tool.  I have a shell script that I'm using to set up the Keycloak
configuration that looks like the following:


    echo "Creating new authentication flow..."
    AUTO_LINK_FLOW_ID=`${KCADM} create authentication/flows --id -r ${REALM_NAME} -s alias="FirstBrokerLoginAutoLink" -s providerId="basic-flow" -s topLevel=true`

    echo "Adding unique authenticator..."
    ${KCADM} create authentication/flows/FirstBrokerLoginAutoLink/executions/execution --id -r ${REALM_NAME} \
        -s provider=idp-create-user-if-unique -s requirement=ALTERNATIVE -s priority=10

    echo "Adding auto link authenticator..."
    ${KCADM} create authentication/flows/FirstBrokerLoginAutoLink/executions/execution -r ${REALM_NAME} \
        -s provider=idp-auto-link -s requirement=ALTERNATIVE -s priority=20

With this script, I'm seeing the flow and executions created, but the
requirement seems to be ignored.  In this case, the executions are always
set to DISABLED.  I've tried to follow that up with an update call that
looks like this:

    echo "Adding unique authenticator..."
    EXECUTION_ID=`${KCADM} create authentication/flows/FirstBrokerLoginAutoLink/executions/execution --id -r ${REALM_NAME} \
        -s provider=idp-create-user-if-unique -s requirement=ALTERNATIVE -s priority=10`
    ${KCADM} update authentication/flows/FirstBrokerLoginAutoLink/executions -r ${REALM_NAME} \
        -s id=${EXECUTION_ID} -s requirement=ALTERNATIVE

However, that is failing with the following error:

    HTTP request error: Can not deserialize instance of
    com.fasterxml.jackson.databind.node.ObjectNode out of START_ARRAY token
     at [Source: [B@527ee8a7; line: 1, column: 1]

Can anyone offer any suggestions on how to get this authentication flow
properly configured so that the executions are set to ALTERNATIVE?

Thanks!
Craig

=================================
Craig Setera
Chief Technology Officer

