Disabling "Review Profile" for "First Broker Login"

Open embody opened this issue 3 years ago • 1 comments

Hi! We've tried to disable the "Review Profile" Auth Type for the "First Broker Login" Authentication configuration, as here the user would have the possibility to specify information that is not issued by the underlying IdP. I've tried it with the keycloak_authentication_execution but just managed to get new flows or errors which were stating that a built-in flow can't be altered. Have I missed something here or is it at the moment not possible?

embody avatar Mar 26 '21 07:03 embody

Seems to relate to https://github.com/mrparkers/terraform-provider-keycloak/issues/296

cpesch avatar Mar 26 '21 12:03 cpesch

Whilst I'm a bit late to the party, I too had the same error. After much blood, sweat, and tears looking at the exported JSON and working out what resource names matched up, I came up with the following workaround.

It does not disable it, because, as you said, you can't change an existing option - but you can turn it off using the config behind it:

```hcl
# Look up the built-in flow instead of trying to manage it as a resource.
data "keycloak_authentication_flow" "first_broker_login" {
  realm_id = keycloak_realm.finocomp_realm.id
  alias    = "first broker login"
}

# Find the existing "Review Profile" execution inside that flow.
data "keycloak_authentication_execution" "first_broker_login" {
  realm_id          = keycloak_realm.finocomp_realm.id
  parent_flow_alias = data.keycloak_authentication_flow.first_broker_login.alias
  provider_id       = "idp-review-profile"
}

# Manage only the execution's config and switch the profile review off.
resource "keycloak_authentication_execution_config" "first_broker_login" {
  realm_id     = keycloak_realm.finocomp_realm.id
  execution_id = data.keycloak_authentication_execution.first_broker_login.id
  alias        = "review profile config"
  config = {
    "update.profile.on.first.login" = "off"
  }
}
```

Marcus-James-Adams avatar Sep 28 '22 16:09 Marcus-James-Adams
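
To confirm after an apply that the workaround above took effect, the realm export can be checked for the setting. The following is an added example, not code from this thread or from the provider: the function name is hypothetical, the sample data is constructed, and it assumes the realm export layout of `authenticationFlows` (with `authenticationExecutions`) and a top-level `authenticatorConfig` list, with `"missing"` as a constructed pre-change value.

```python
"""Check a Keycloak realm export for the review-profile setting (added example)."""
import copy

AUTHENTICATOR = "idp-review-profile"          # provider_id used in the thread
SETTING = "update.profile.on.first.login"     # config key used in the thread

def review_profile_findings(realm, flow_alias="first broker login"):
    """Return a list of problems; an empty list means the step is switched off."""
    configs = {c.get("alias"): c.get("config", {})
               for c in realm.get("authenticatorConfig", [])}
    flow = next((f for f in realm.get("authenticationFlows", [])
                 if f.get("alias") == flow_alias), None)
    if flow is None:
        return [f"flow {flow_alias!r} not present in export"]
    findings = []
    for ex in flow.get("authenticationExecutions", []):
        if ex.get("authenticator") != AUTHENTICATOR:
            continue
        if ex.get("requirement") == "DISABLED":
            continue  # execution never runs, nothing to check
        alias = ex.get("authenticatorConfig")
        if alias not in configs:
            findings.append(f"{AUTHENTICATOR}: no authenticator config attached")
            continue
        value = configs[alias].get(SETTING)
        if value != "off":
            findings.append(f"{AUTHENTICATOR}: {SETTING} is {value!r}, expected 'off'")
    return findings

# Constructed sample trimmed to the fields the check reads (not a real export).
SAMPLE_BEFORE = {
    "authenticationFlows": [{
        "alias": "first broker login",
        "authenticationExecutions": [
            {"authenticator": "idp-review-profile", "requirement": "REQUIRED",
             "authenticatorConfig": "review profile config"},
            {"authenticator": "idp-create-user-if-unique", "requirement": "ALTERNATIVE"},
        ],
    }],
    "authenticatorConfig": [
        {"alias": "review profile config", "config": {SETTING: "missing"}},
    ],
}
SAMPLE_AFTER = copy.deepcopy(SAMPLE_BEFORE)
SAMPLE_AFTER["authenticatorConfig"][0]["config"][SETTING] = "off"

if __name__ == "__main__":
    for name, realm in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, review_profile_findings(realm) or "OK")
```

Run against a real export by loading it with `json.load` and passing the resulting dict; a non-empty result in CI flags a realm where users can still edit IdP-supplied profile data on first broker login.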