Hi Julien,
Executions are added to the flow in a bit different way. You need to use another endpoint
and add executions one by one. Try the following:
/kcadm.sh create authentication/flows/foo/executions/execution -f create.json
with:
{
"provider" : "idp-create-user-if-unique"
}
The "provider" attribute is the only mandatory one. (NB it's
"provider", not "providerId"). This will respond with "Created
new execution with id '...'", and you will need to parse the ID.
The execution will be created as disabled by default. To enable it, use "kcadm.sh
update":
./kcadm.sh update authentication/flows/foo/executions -f update.json
with:
{
"id" : "<execution ID>",
"requirement" : "ALTERNATIVE",
"displayName" : "Create User If Unique",
"requirementChoices" : [ "ALTERNATIVE", "REQUIRED",
"DISABLED" ],
"configurable" : true,
"providerId" : "idp-create-user-if-unique",
"level" : 0,
"index" : 0
}
BTW the best way do discover how to create things with kcadm is to open Keycloak admin
console in the browser, open Network console (F12 -> Network), perform the desired
actions and analyze payloads that the GUI sends to the REST backend.
Good luck!
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Thu, 2018-08-02 at 09:51 +0200, Julien Pivotto wrote:
- PART 0 --
When I run:
./bin/kcadm.sh create authentication/flows -r foo -f test.json
with:
{
"id" : "testtest2",
"alias" : "first broker login without review 2",
"description" : "Actions taken after first broker login with identity
provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : false,
"authenticationExecutions" : [ {
"authenticator" : "idp-create-user-if-unique",
"requirement" : "ALTERNATIVE",
"priority" : 20,
"userSetupAllowed" : false,
"autheticatorFlow" : false
} ]
}
Then the authenticationExecutions is discarded and the flow has no execution.
-- PART 1 --
When I run:
./bin/kcadm.sh create
authentication/flows/first%20broker%20login%20without%20review/executions -r foo -f
test.json
with:
[ {
"id" : "c0f4ae10-7e26-4566-a113-b1235920f69a",
"requirement" : "ALTERNATIVE",
"displayName" : "Create User If Unique",
"requirementChoices" : [ "ALTERNATIVE", "REQUIRED",
"DISABLED" ],
"configurable" : true,
"providerId" : "idp-create-user-if-unique",
"level" : 0,
"index" : 0
}, {
"id" : "31882673-e8fc-4b24-8e11-4dd400acb9c7",
"requirement" : "ALTERNATIVE",
"displayName" : "Link IDP Login",
"requirementChoices" : [ "ALTERNATIVE", "DISABLED" ],
"configurable" : false,
"providerId" : "link-idp-login-authenticator",
"level" : 0,
"index" : 1
} ]
I get a 500
09:36:47,808 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-2)
Uncaught server error: com.fasterxml.jack
son.databind.JsonMappingException: Can not deserialize instance of
org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation out of
START_ARRAY
token
> at [Source: io.undertow.servlet.spec.ServletInputStreamImpl@41d5dda8; line: 1,
column: 1]
at
com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270)
at
com.fasterxml.jackson.databind.DeserializationContext.reportMappingException(DeserializationContext.java:1234)
at
com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1122)
at
com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1075)
at
com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromArray(BeanDeserializerBase.java:1371)
at
com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:174)
at
com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:150)
at
com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:1583)
at
com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:964)
at
org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.readFrom(ResteasyJackson2Provider.java:134)
at
org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:
66)
at
org.jboss.resteasy.core.interception.ServerReaderInterceptorContext.readFrom(ServerReaderInterceptorContext.java:61)
at
org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:5
6)
at
org.jboss.resteasy.security.doseta.DigitalVerificationInterceptor.aroundReadFrom(DigitalVerificationInterceptor.java:
36)
at
org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:5
9)
at
org.jboss.resteasy.core.MessageBodyParameterInjector.inject(MessageBodyParameterInjector.java:151)
at
org.jboss.resteasy.core.MethodInjectorImpl.injectArguments(MethodInjectorImpl.java:92)
-- THEREFORE --
How can I create a flow with executions with the cli?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user