Hey,
we are using this feature in RHMI to configure the browser authentication
flow for the user facing RHSSO instance (the one that customers can use in
their own projects as opposed to the cluster wide SSO for middleware
services).
The options were to make the required REST calls in our installer or add
this convenience feature to the operator, and we decided on the latter.
As to how it should work in the future, my thoughts are: Option 3 would be
ideal while 1 seems acceptable. Option 2 is not really acceptable because
the JSON required is very cumbersome and would require us to include IDs,
which is not something an end user should do.
Regards,
Peter
On Sat, Nov 2, 2019 at 4:07 PM Sebastian Laskawiec <slaskawi(a)redhat.com>
wrote:
Hey guys,
Peter is currently working on setting the "defaultProvider" configuration
parameter in the "identity-provider-redirector". The old Operator used this
functionality here [1] and Peter wanted to port it to the new Operator.
@Peter - if I may ask you - could you please describe the use case this is
being used in?
During our initial conversation, we agreed that we want to set up all Realm
bits in a single REST call. In other words - Keycloak Realm CR should match
exported realm JSON format. However, modifying existing browser flow hardly
fits into this scenario. It would require sending a JSON with full list of
"authenticationFlows" as well as a full list of "authenticatorConfig"
objects (as Config is matched with an authentication flow using an id).
I experimented with an exported Realm and here's what I have [2]. As you
probably noticed - it's enormous and very fragile (as it contains many,
many options I have to set upfront).
Do you have any idea how to solve this? I have three options in my head:
1) Use a second REST call (after creating a Realm) and modify the
"authenticatorConfig". In other words - do everything exactly the same way
the old Operator did
2) Force users to embed the full Realm configuration every time they
create a Realm.
3) Create some sort of profiles in Keycloak. This way, when an Operator
uses proper profile, we set the "defaultProvider" to proper value
out-of-the-box.
Thanks,
Sebastian
[1] https://github.com/integr8ly/keycloak-operator/blob/d97ee5de8c2b227d684ad...
[2] https://gist.github.com/slaskawi/79847124a268b94c8391e01f13b21409#file-ke...
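Added example, not part of the thread and not code from either operator: a sketch of the follow-up call in option 1, which finds the "identity-provider-redirector" execution in the browser flow and plans the request that sets "defaultProvider", updating an existing config instead of creating a second one on repeated reconciles. The base URL, realm name, IdP alias, execution ids and the sample listing are constructed, and reusing the IdP alias as the config alias is an assumption; the paths follow the Keycloak Admin REST API.

```python
import json
from urllib.parse import quote

REDIRECTOR = "identity-provider-redirector"

# Constructed sample of the listing returned by
# GET {base}/admin/realms/{realm}/authentication/flows/browser/executions
SAMPLE_EXECUTIONS = json.loads("""[
  {"id": "exec-0001", "providerId": "auth-cookie",
   "requirement": "ALTERNATIVE", "configurable": false},
  {"id": "exec-0002", "providerId": "identity-provider-redirector",
   "requirement": "ALTERNATIVE", "configurable": true},
  {"id": "exec-0003", "displayName": "forms",
   "requirement": "ALTERNATIVE", "authenticationFlow": true}
]""")


def plan_default_provider_call(base_url, realm, executions, idp_alias):
    """Return (method, url, body) for the call that sets defaultProvider.

    Only plans the request; sending it with an admin token is left to
    the caller. `idp_alias` doubles as the config alias (assumption).
    """
    matches = [e for e in executions if e.get("providerId") == REDIRECTOR]
    if len(matches) != 1:
        # Refuse to guess when the flow was customised or copied.
        raise LookupError(
            f"expected one {REDIRECTOR} execution, found {len(matches)}")
    execution = matches[0]

    realm_path = f"{base_url.rstrip('/')}/admin/realms/{quote(realm, safe='')}"
    body = {"alias": idp_alias, "config": {"defaultProvider": idp_alias}}

    config_id = execution.get("authenticationConfig")
    if config_id:
        # A config is already attached to the execution: update it in place.
        url = f"{realm_path}/authentication/config/{config_id}"
        return "PUT", url, {**body, "id": config_id}

    # No config yet: create one on the execution itself.
    url = f"{realm_path}/authentication/executions/{execution['id']}/config"
    return "POST", url, body


if __name__ == "__main__":
    print(plan_default_provider_call(
        "https://sso.example.test/auth", "customer", SAMPLE_EXECUTIONS, "github"))
```

The only id the caller handles is the one read back from the server, which is the difference from option 2, where ids would have to be written into the realm JSON up front.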