-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement realm otp, webauthn, webauthn passwordless and bruteforce properties #312
Implement realm otp, webauthn, webauthn passwordless and bruteforce properties #312
Conversation
@treydock do you know what i did wrong or if there is some kind of debug possibility? Properties seem to work in my own builds so i don't get why acceptance tests fail. |
The Keycloak 24.0.3 failures are the following:
|
For Keycloak 22.0.0 failures, it looks like something is configured in such a way to cause Keycloak to crash. |
2ac1e12
to
5e1787e
Compare
Thanks, despite the typo i found the issue. It's related to the old version the tests are running against. e.g. with KeyCloak 23.0.0 introduced the WebAuthn Extra Origins property (https://www.keycloak.org/docs/23.0.0/release_notes/index.html#webauthn-improvements) which was present in my initial PR. It was working in our setup as we already run KeyCloak version 24.0.5. So i just dropped the properties which are not supported by the tested KeyCloak versions (i anyway don't need them for now) |
5327112
to
31fdd37
Compare
You can only add these new properties that work with 24.x when that's the version being tested:
Then in the Puppet code for acceptance tests can do like:
I'd be fine merging with the acceptance test lines for 24.x properties commented out and work later to integrate them or just drop 22.x tests and uncomment them later. Also need to include new properties in unit tests: https://github.com/treydock/puppet-module-keycloak/blob/master/spec/unit/puppet/type/keycloak_realm_spec.rb |
a71d859
to
53ae965
Compare
410b807
to
897faab
Compare
de210d9
to
7bbc754
Compare
7bbc754
to
260f8a3
Compare
From my point of view this PR should be ready for merging now. This PR only includes settings present in at least KeyCloak 22.0.0. There might be "breaking changes" if somebody is using I also created a seperate PR (#313) for raising minimal KeyCloak to version 23.0.7 (which is out of support if not the RedHat build is used - see: https://www.keycloak.org/security.html) which might definitly be a "breaking change" for a major puppet module version. |
This will be released as 11.2.0 once Github Actions complete |
This PR implements all webauthn and bruteforce properties on a realm supported by at least Keycloak 22.0.0.
WebAuthn Extra Origins and passwordless WebAuthn properties are not yet supported as these were introduced in later Keycloak versions.