Re: [keycloak-dev] Client adapters backwards compatibility

It looks that we should support latest Keycloak server with older versions of Keycloak adapters. So for some corner scenarios, I wonder if we should add the switch to the ClientModel and admin console like "Adapter version" . This switch will be available for both OIDC and SAML clients, but will be useful just for the clients, which uses Keycloak adapter. It will be useful to specify the version of Keycloak client adapter, which particular client application is using. WDYT? The reason why I felt into this is a reported RHSSO bug. Long-story short: When Keycloak SAML 1.9.8 adapter is used with "isPassive=true", then Keycloak 2.5.4 server returns him the valid error response. However 1.9.8 adapter has a bug https://issues.jboss.org/browse/KEYCLOAK-4264 and it throws NPE when it receives such response. With SAML 1.9.8 adapter + 1.9.8 server, the Keycloak server returned invalid error response, however 1.9.8 adapter was able to handle this invalid response without throwing any exception. By adding the switch to the ClientModel, we defacto allow adapter to say: "Please return me broken response, because I am not able to handle valid response." Note that this is bug in adapter, so it will be better to ask customers to rather upgrade their SAML adapters to newest version. On the other hand, we claim to support backwards compatibility. So should we add the switch or not? WDYT? Marek _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev