I am testing Puppet changes needed to support Keycloak 4.2.1 after supporting 3.4.x and discovered I’m unable to change the consentRequired field for protocol mappers. Is this expected behavior or a bug? The behavior is the same if I update the resource using a full JSON file too which is what I have Puppet doing. Based on my read of 4.0.0 upgrade docs it looks like “Consent Required” was removed so is the JSON value now read-only? Thanks, - Trey [root@centos-7-x64 /]# /opt/keycloak/bin/kcadm-wrapper.sh update client-scopes/saml/protocol-mappers/models/f56be3eb-5986-5366-b209-dd6a9269e7b9 -r test -s consentRequired=true -o Logging into http://localhost:8080/auth as user admin of realm master { "id" : "f56be3eb-5986-5366-b209-dd6a9269e7b9", "name" : "email", "protocol" : "saml", "protocolMapper" : "saml-user-property-mapper", "consentRequired" : false, "config" : { "user.attribute" : "email", "friendly.name" : "email", "attribute.name" : "email" } } [root@centos-7-x64 /]# cat /tmp/test.json { "id": "f56be3eb-5986-5366-b209-dd6a9269e7b9", "name": "email", "protocol": "saml", "protocolMapper": "saml-user-property-mapper", "consentRequired": true, "config": { "user.attribute": "email", "friendly.name": "email", "attribute.name": "email" } } [root@centos-7-x64 /]# /opt/keycloak/bin/kcadm-wrapper.sh update client-scopes/saml/protocol-mappers/models/f56be3eb-5986-5366-b209-dd6a9269e7b9 -r test -f /tmp/test.json Logging into http://localhost:8080/auth as user admin of realm master [root@centos-7-x64 /]# /opt/keycloak/bin/kcadm-wrapper.sh get client-scopes/saml/protocol-mappers/models/f56be3eb-5986-5366-b209-dd6a9269e7b9 -r test Logging into http://localhost:8080/auth as user admin of realm master { "id" : "f56be3eb-5986-5366-b209-dd6a9269e7b9", "name" : "email", "protocol" : "saml", "protocolMapper" : "saml-user-property-mapper", "consentRequired" : false, "config" : { "user.attribute" : "email", "friendly.name" : "email", "attribute.name" : "email" } } -- Trey Dockendorf HPC Systems Engineer Ohio Supercomputer Center