[keycloak-user] Unable to change consentRequired value for protocol mappers using Keycloak 4.2.1

Dockendorf, Trey tdockendorf at osc.edu
Fri Aug 3 14:08:23 EDT 2018 

I am testing Puppet changes needed to support Keycloak 4.2.1 after supporting 3.4.x and discovered I’m unable to change the consentRequired field for protocol mappers.  Is this expected behavior or a bug?  The behavior is the same if I update the resource using a full JSON file too which is what I have Puppet doing.  Based on my read of 4.0.0 upgrade docs it looks like “Consent Required” was removed so is the JSON value now read-only?

Thanks,
- Trey

[root at centos-7-x64 /]# /opt/keycloak/bin/kcadm-wrapper.sh update client-scopes/saml/protocol-mappers/models/f56be3eb-5986-5366-b209-dd6a9269e7b9 -r test -s consentRequired=true -o
Logging into http://localhost:8080/auth as user admin of realm master
{
  "id" : "f56be3eb-5986-5366-b209-dd6a9269e7b9",
  "name" : "email",
  "protocol" : "saml",
  "protocolMapper" : "saml-user-property-mapper",
  "consentRequired" : false,
  "config" : {
    "user.attribute" : "email",
    "friendly.name" : "email",
    "attribute.name" : "email"
  }
}

[root at centos-7-x64 /]# cat /tmp/test.json
{
  "id": "f56be3eb-5986-5366-b209-dd6a9269e7b9",
  "name": "email",
  "protocol": "saml",
  "protocolMapper": "saml-user-property-mapper",
  "consentRequired": true,
  "config": {
    "user.attribute": "email",
    "friendly.name": "email",
    "attribute.name": "email"
  }
}
[root at centos-7-x64 /]# /opt/keycloak/bin/kcadm-wrapper.sh update client-scopes/saml/protocol-mappers/models/f56be3eb-5986-5366-b209-dd6a9269e7b9 -r test -f /tmp/test.json
Logging into http://localhost:8080/auth as user admin of realm master
[root at centos-7-x64 /]# /opt/keycloak/bin/kcadm-wrapper.sh get client-scopes/saml/protocol-mappers/models/f56be3eb-5986-5366-b209-dd6a9269e7b9 -r test
Logging into http://localhost:8080/auth as user admin of realm master
{
  "id" : "f56be3eb-5986-5366-b209-dd6a9269e7b9",
  "name" : "email",
  "protocol" : "saml",
  "protocolMapper" : "saml-user-property-mapper",
  "consentRequired" : false,
  "config" : {
    "user.attribute" : "email",
    "friendly.name" : "email",
    "attribute.name" : "email"
  }
}

--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center

More information about the keycloak-user mailing list