[RHPAM-3888] SSO integration fails for multiple Realm certificates #275
if [ -n "$realms_certificates" ]; then | ||
if [ -n "$token" ]; then | ||
# SSO Server 7.0 | ||
realms_certificates=`$CURL -H "Accept: application/json" -H "Authorization: Bearer ${token}" ${sso_service}/admin/realms/${SSO_REALM} | $(jq '.keys[].certificate') ` |
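Review bot: On the SSO Server 7.0 line, `| $(jq '.keys[].certificate')` puts jq inside a command substitution, so the shell takes whatever jq prints as the command to run on the right of the pipe instead of capturing it in the variable. Pipe into jq directly, `... | jq -r '.keys[].certificate'`, using `-r` so the value is not left wrapped in JSON double quotes. This branch also assigns `realms_certificates`, the same name the enclosing `[ -n "$realms_certificates" ]` test reads, while the 7.1 branch assigns `realm_certificate`; please confirm which name the rest of the script consumes.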
@desmax74, jq command line is not installed in the EAP image. I suspect that it is installed in RHPAM image, right?
@jfdenise reverted the changes and applied only the jq command to retrieve the certificate with use SIG
#SSO Server 7.1 | ||
realm_certificate=`$CURL -H "Accept: application/json" -H "Authorization: Bearer ${token}" ${sso_service}/admin/realms/${SSO_REALM}/keys | grep -Po '(?<="certificate":")[^"]*'` | ||
#SSO Server 7.1 and newer. If is 7.5 we skip certificate with use=ENC | ||
realm_certificate=`$CURL -H "Accept: application/json" -H "Authorization: Bearer ${token}" ${sso_service}/admin/realms/${SSO_REALM}/keys | $(jq '.keys[] | select( .certificate != null and .use == "SIG")') | $(jq '.certificate') ` |
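Review bot: The `select( .certificate != null and .use == "SIG")` filter on the 7.1-and-newer line can still match more than one key when the realm has several signing keys, so `realm_certificate` may end up holding several certificates; decide whether one certificate or a list is intended and make the filter and the consumer of the variable agree. The two stages `| $(jq '.keys[] | select(...)') | $(jq '.certificate')` are also command substitutions, so their output is executed rather than piped on; a single `jq -r '.keys[] | select(.certificate != null and .use == "SIG") | .certificate'` would do both steps and drop the JSON quotes. The URL `${sso_service}/admin/realms/${SSO_REALM}/keys` is unquoted and should be double-quoted so a realm name with spaces or glob characters cannot split the argument.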
This change introduces a new dependency on jq command line.
Is this fix: jboss-container-images/redhat-sso-7-openshift-image@214fca4
possibly a better candidate (no use of jq)? It covers 7.0, 7.1 to 7.4 and 7.5.
@jfdenise fix applied on the script
Signed-off-by: desmax74 <mdessi@redhat.com>
@desmax74 Thank-you. The fix looks good to me. We will handle porting this change to other branches.
@spolti we are waiting for confirmation from @desmax74 that the new implementation fix (patch shared with keycloak team) actually works for his use-case, then we can merge. @luck3y thank-you for proposing, go ahead for master (23.x too perhaps?). I will handle it for v2 (some PRs are currently open and I will need to integrate the fix there too).
@desmax74 Thank-you! Merged in 0.18.x
See: https://issues.redhat.com/browse/RHPAM-3888