terraform-provider-keycloak icon indicating copy to clipboard operation
terraform-provider-keycloak copied to clipboard

Published 20 hours ago verified publisher icon mrparkers

[auth flow] allowed "authenticator" standard values should have better doc

Open semangard opened this issue 3 years ago • 1 comments

Hello,

I tried to create an authentication flow for Kerberos with (the browser flow simplified and adapted) :

resource "keycloak_authentication_flow" "kerberos_flow" {
  realm_id = var.realm_id
  alias    = "my-flow-alias"
}

resource "keycloak_authentication_execution" "kerberos_cookie" {
  realm_id          = var.realm_id
  parent_flow_alias = keycloak_authentication_flow.kerberos_flow.alias
  authenticator     = "cookie"
  requirement       = "ALTERNATIVE"
}

resource "keycloak_authentication_execution" "kerberos_kerberos" {
  realm_id          = var.realm_id
  parent_flow_alias = keycloak_authentication_flow.kerberos_flow.alias
  authenticator     = "kerberos"
  requirement       = "ALTERNATIVE"
}

resource "keycloak_authentication_execution" "kerberos_identity_provider_redirector" {
  realm_id          = var.realm_id
  parent_flow_alias = keycloak_authentication_flow.kerberos_flow.alias
  authenticator     = "identity-provider-redirector"
  requirement       = "ALTERNATIVE"
}

terraform plan is OK

BUT while applying I got the errors ::

Error: error sending POST request to /auth/admin/realms/collaborator2/authentication/flows/my-flow-alias/executions/execution: 400 Bad Request. Response body: {"error":"No authentication provider found for id: kerberos"}

Error: error sending POST request to /auth/admin/realms/collaborator2/authentication/flows/my-flow-alias/executions/execution: 400 Bad Request. Response body: {"error":"No authentication provider found for id: cookie"}

==> Values of authenticator should be documented to ease their use

Please note that cookie and kerberos are the names displayed into the console.

In one of the example you use auth-cookie , so fine I replaced it and it worked for this one. But I tried also to use auth-kerberos but it did not work for this last.

semangard avatar Oct 24 '20 04:10 semangard

OK, on https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/resources/authentication_execution it is said

"The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools."

But still be niced to give at least the most common ones.

auth-spnego is the right value for kerberos

and that's also the value used by the examples : https://github.com/mrparkers/terraform-provider-keycloak/blob/master/example/main.tf

semangard avatar Oct 24 '20 05:10 semangard