Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conditionally check application of configuration based on enabled features #909

Open
bjconlan opened this issue Aug 7, 2023 · 1 comment
Open

Conditionally check application of configuration based on enabled features #909

bjconlan opened this issue Aug 7, 2023 · 1 comment
Assignees
@AssahBismarkabah
Labels
enhancement

Comments

@bjconlan
Copy link

bjconlan commented Aug 7, 2023

Problem Statement

We were using keycloak-config-cli:5.6.0 for keycloak 21.1.1 and recently updated to the latest keycloak-config-cli:5.8.0 release.

Upon applying our configuration with the tool we noticed that the server would response with ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-0) Uncaught server error: javax.ws.rs.WebApplicationException: Feature not enabled and have the keycloak-config-cli tool exist with an error status.

Further debugging outlined that this was due to the 'client-policies' feature being disabled on our instance.

The resolution to this issue might be as simple as 'user error' (see below regarding default configuration settings) but perhaps it might also be useful to have conditional behaviour based on the enabled/disabled feature flags.

Proposed Solution

Conditionally run configuration details based on active feature flags of the server

Environment

  • Keycloak Version: 21.1.1
  • keycloak-config-cli Version: 5.8.0
  • Java Version: 17

Additional information

As a work around we were able to simply remove the attributes from our base config (which came from a keycloak 15 realm dump):

  "clientProfiles": {
    "profiles": []
  },
  "clientPolicies": {
    "policies": []
  }

And on removing these configuration attributes we were able to again get successful runs using the latest keycloak-config-cli. (the server still responds with the 'Feature not enabled' error logs but this is acceptable for us provided the keycloak-config-cli execution completes.

Acceptance Criteria

  • [] As a user with a previous keycloak 15 (pre quarkus/feature-flags) realm dump
  • [] Using a quarkus based keycloak implementation with selected feature flags enabled/disabled
  • [] Running the keycloak-config-cli
  • [] Should result in a valid configuration application (omitting configuration if the feature is disabled; ie client-polices)
@BreakBB
Copy link
Contributor

BreakBB commented Jul 24, 2024

With Keycloak 25.0.2 and the docker image keycloak-config-cli:6.1.5-25.0.1 the error message is still raised, suggesting keycloak-config-cli is not checking for enabled features.

Our server info, listing the enabled and disabled features:

image

As you can see CLIENT_POLICIES is indeed disabled.

The stack trace of the error points to this location inside of Keycloak:

https://github.com/keycloak/keycloak/blob/913a2aa07195b6545d2bc27176b97a1216d0f8e9/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java#L1233-L1237

@AssahBismarkabah AssahBismarkabah moved this from Todo to Ready for Dev in os-competence-center-board Dec 17, 2024
@AssahBismarkabah AssahBismarkabah self-assigned this Dec 17, 2024
@AssahBismarkabah AssahBismarkabah moved this from Ready for Dev to In Progress in os-competence-center-board Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AssahBismarkabah AssahBismarkabah

Labels
enhancement
Projects
os-competence-center-board
Status: In Progress
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bjconlan @BreakBB @AssahBismarkabah