Create SAML client with keycloak admin api wrong value for signing #28390
Labels
area/admin/api
area/saml
Indicates an issue on SAML area
kind/bug
Categorizes a PR related to a bug
priority/low
team/core-clients
Milestone
Before reporting an issue
Area
admin/api
Describe the bug
I am using the keycloak admin api in my own java application to administrate keycloak from there.
Now i want to create a SAMl client from there.
In my SP metadata signing is set to false (e.g. AuthnRequestsSigned="false") and I'm not providing any certificate.
When I create a SAML client with this metadata in the keycloak admin api, the resulting client doesn't have the right value for 'Client signature required' (it's always true). Everything else seems to be converted correctly from the metadata and the client is created successfully.
If I use the import client function in the keycloak admin console (web) I can see the switch for 'Client signature required' is turning on or off based on the metadata I'm providing and the client is created with the rigth value for this.
Version
24.0.2
Regression
Expected behavior
The SAML client I'm creating with the admin api in my java app should have 'Client signature required' based on the SP metadata.
Actual behavior
The SAML client always has 'Client signature required' set to true.
How to Reproduce?
Check the client and see that 'Client signature required' is set to true.
Create a client with the admin console (web) using the same metadata as before. This client has 'Client signature required' set based on the metadata.
Anything else?
Example SP metadata with signing=false
Example SP metadata with signing=true
The text was updated successfully, but these errors were encountered: