keycloak-config-cli

Support multiple post.logout.redirect.uris

Open andres32168 opened this issue 3 years ago • 2 comments

Problem Statement

Currently it's not possible to add more than 1 post.logout.redirect.uri in yaml config

This is possible:

```yaml
clients:
  - clientId: my-client1
    protocol: openid-connect
    enabled: true
    name: my-client1
    description: n.a.
    bearerOnly: false
    publicClient: true
    standardFlowEnabled: true
    implicitFlowEnabled: false
    directAccessGrantsEnabled: false
    serviceAccountsEnabled: false
    attributes:
      pkce.code.challenge.method: S256
      use.refresh.tokens: true
      post.logout.redirect.uris: /URI1
```

This is not possible and will give an error

```
Cannot deserialize value of type java.lang.String from Array value (token JsonToken.START_ARRAY) at [Source: UNKNOWN; byte offset: #UNKNOWN] (through reference chain: de.adorsys.keycloak.config.model.RealmImport["clients"]->java.util.ArrayList[6]->org.keycloak.representations.idm.ClientRepresentation["attributes"]->java.util.LinkedHashMap["post.logout.redirect.uris"])
```

```yaml
  - clientId: my-client1
    protocol: openid-connect
    enabled: true
    name: my-client1
    description: n.a.
    bearerOnly: false
    publicClient: true
    standardFlowEnabled: true
    implicitFlowEnabled: false
    directAccessGrantsEnabled: false
    serviceAccountsEnabled: false
    attributes:
      pkce.code.challenge.method: S256
      use.refresh.tokens: true
      post.logout.redirect.uris:
        - /URI1
        - /URI2
        - /URI3
```

Proposed Solution

No response

Environment

  • Keycloak Version: 19.0.0, 19.0.1
  • keycloak-config-cli Version: v5.3.0, v5.3.1
  • Java Version: 11

Additional information

It's possible to allow all configured redirect.uris with +

like post.logout.redirect.uris: '+'

This is only a workaround because post.logout.redirect.uris and redirect.uris can be different.

Acceptance Criteria

  • As a user I'd like to add more than 1 post.logout.redirect.uris

andres32168, Oct 17 '22 11:10

AFAIK, attributes are all strings. For multivalued attributes, values are simply separated by ##, so

post.logout.redirect.uris: "/URI1##/URI2##/URI3"

keycloak-config-cli format is (almost) the same as that of an export from Keycloak itself, where you can see this ## separator. Or in the code, see: https://github.com/keycloak/keycloak/blob/6efa45f93ee385ede866d66ebb0f6284abdb4f57/services/src/main/java/org/keycloak/protocol/oidc/AbstractClientConfigWrapper.java#L65-L69 and https://github.com/keycloak/keycloak/blob/f49582cf63db5b83b399e43a1530b06b18edfad4/server-spi-private/src/main/java/org/keycloak/models/Constants.java#L109-L114

tbroyer, Oct 20 '22 15:10
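The `##` convention from the comment above, as an added example that is not part of the thread or of keycloak-config-cli: a pre-processing step that flattens list-valued client attributes into the single-string form before import. It rejects values that contain the separator, since those would be read back as two separate URIs. The helper names, the realm name and the sample data are assumptions constructed for illustration.

```python
import json

SEPARATOR = "##"  # multi-value separator described in the comment above


def join_multivalued(values):
    """Join a list of values into one '##'-separated attribute string."""
    cleaned = []
    for value in values:
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"empty or non-string value: {value!r}")
        if SEPARATOR in value:
            # An embedded separator would be read back as two separate URIs.
            raise ValueError(f"value contains {SEPARATOR!r}: {value!r}")
        cleaned.append(value.strip())
    return SEPARATOR.join(cleaned)


def split_multivalued(attribute):
    """Inverse of join_multivalued, for reviewing an exported realm."""
    return [part for part in attribute.split(SEPARATOR) if part]


def normalize_realm(realm):
    """Return a copy of the realm dict with every list-valued client
    attribute replaced by its '##'-joined string."""
    realm = json.loads(json.dumps(realm))  # deep copy of plain JSON data
    for client in realm.get("clients", []):
        attributes = client.get("attributes", {})
        for key, value in attributes.items():
            if isinstance(value, list):
                attributes[key] = join_multivalued(value)
    return realm


# Constructed sample input, modelled on the failing config in the issue.
SAMPLE_REALM = {
    "realm": "example",  # hypothetical realm name
    "clients": [{
        "clientId": "my-client1",
        "attributes": {
            "pkce.code.challenge.method": "S256",
            "post.logout.redirect.uris": ["/URI1", "/URI2", "/URI3"],
        },
    }],
}

if __name__ == "__main__":
    print(json.dumps(normalize_realm(SAMPLE_REALM), indent=2))
```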

How about creating a PR with a doc snippet for https://github.com/adorsys/keycloak-config-cli/blob/main/docs/FEATURES.md ?

thomasdarimont, Nov 03 '22 10:11