terraform-provider-keycloak
Disabling "Review Profile" for "First Broker Login"
Hi! We've tried to disable the "Review Profile" Auth Type for the "First Broker Login" Authentication configuration, as here the user would have the possibility to specify information that is not issued by the underlying IdP. I've tried it with the keycloak_authentication_execution but just managed to get new flows or errors which were stating that a built-in flow can't be altered. Have I missed something here, or is it not possible at the moment?
Seems to relate to https://github.com/mrparkers/terraform-provider-keycloak/issues/296
Whilst I'm a bit late to the party, I too had the same error. After much blood, sweat, and tears looking at the exported JSON and working out what resource names matched up, I came up with the following workaround.
It does not disable it, because as you said you can't change an existing option - but you can turn it off using the config behind:
```hcl
# Look up the built-in "first broker login" flow (read-only data source).
data "keycloak_authentication_flow" "first_broker_login" {
  realm_id = keycloak_realm.finocomp_realm.id
  alias    = "first broker login"
}

# Find the existing "Review Profile" execution inside that flow.
data "keycloak_authentication_execution" "first_broker_login" {
  realm_id          = keycloak_realm.finocomp_realm.id
  parent_flow_alias = data.keycloak_authentication_flow.first_broker_login.alias
  provider_id       = "idp-review-profile"
}

# Attach a config to that execution that turns the profile update off.
resource "keycloak_authentication_execution_config" "first_broker_login" {
  realm_id     = keycloak_realm.finocomp_realm.id
  execution_id = data.keycloak_authentication_execution.first_broker_login.id
  alias        = "review profile config"
  config = {
    "update.profile.on.first.login" = "off"
  }
}
```
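A check for whether the workaround above took effect, written as an added example that is not part of the original thread or of the provider: it reads a realm export and reports the `update.profile.on.first.login` value bound to the `idp-review-profile` execution. The export layout (`authenticationFlows`, `authenticationExecutions`, top-level `authenticatorConfig`) is assumed, and the sample document is constructed.

```python
import copy
import json

# Constructed sample shaped like a realm export, trimmed to the fields this
# check reads (layout is an assumption; values are not from a real realm).
SAMPLE_EXPORT = json.loads("""
{
  "realm": "example",
  "authenticationFlows": [
    {"alias": "first broker login",
     "authenticationExecutions": [
       {"authenticator": "idp-review-profile",
        "authenticatorConfig": "review profile config",
        "requirement": "REQUIRED"},
       {"flowAlias": "User creation or linking", "requirement": "REQUIRED"}
     ]}
  ],
  "authenticatorConfig": [
    {"alias": "review profile config",
     "config": {"update.profile.on.first.login": "missing"}}
  ]
}
""")

def review_profile_setting(export, flow_alias="first broker login"):
    """Return the configured value, 'disabled' if the execution is DISABLED,
    'no-config' if no config is attached, or None if the step is absent."""
    configs = {c["alias"]: c.get("config", {})
               for c in export.get("authenticatorConfig", [])}
    for flow in export.get("authenticationFlows", []):
        if flow.get("alias") != flow_alias:
            continue
        for ex in flow.get("authenticationExecutions", []):
            if ex.get("authenticator") != "idp-review-profile":
                continue
            if ex.get("requirement") == "DISABLED":
                return "disabled"
            cfg = configs.get(ex.get("authenticatorConfig"))
            if cfg is None:
                return "no-config"
            return cfg.get("update.profile.on.first.login", "no-config")
    return None

def review_profile_is_off(export):
    """True only when the step is absent, disabled, or explicitly 'off'."""
    return review_profile_setting(export) in (None, "disabled", "off")

if __name__ == "__main__":
    print(review_profile_setting(SAMPLE_EXPORT), review_profile_is_off(SAMPLE_EXPORT))
```

Run it against an export taken after `terraform apply`; any result other than `off`, `disabled` or an absent step means the execution config was not bound to the built-in flow.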