[RHPAM-3888] SSO integration fails for multiple Realm certificates #275
Conversation
| if [ -n "$realms_certificates" ]; then | ||
| if [ -n "$token" ]; then | ||
| # SSO Server 7.0 | ||
| realms_certificates=`$CURL -H "Accept: application/json" -H "Authorization: Bearer ${token}" ${sso_service}/admin/realms/${SSO_REALM} | $(jq '.keys[].certificate') ` |
There was a problem hiding this comment.
@desmax74 , jq command line is not installed in the EAP image. I suspect that it is installed in RHPAM image right?
|
@jfdenise reverted the changes and applied only the jq command to retrieve the certificate with use SIG |
| #SSO Server 7.1 | ||
| realm_certificate=`$CURL -H "Accept: application/json" -H "Authorization: Bearer ${token}" ${sso_service}/admin/realms/${SSO_REALM}/keys | grep -Po '(?<="certificate":")[^"]*'` | ||
| #SSO Server 7.1 and newer. If is 7.5 we skip certificate with use=ENC | ||
| realm_certificate=`$CURL -H "Accept: application/json" -H "Authorization: Bearer ${token}" ${sso_service}/admin/realms/${SSO_REALM}/keys | $(jq '.keys[] | select( .certificate != null and .use == "SIG")') | $(jq '.certificate') ` |
There was a problem hiding this comment.
This change introduce a new dependency on jq command line.
Is this fix: jboss-container-images/redhat-sso-7-openshift-image@214fca4
possibly a better candidate (no use of jq)? It covers 7.0, 7.1 to 7.4 and 7.5.
There was a problem hiding this comment.
@jfdenise fix applied on the script
Signed-off-by: desmax74 <mdessi@redhat.com>
|
@spolti we are waiting confirmation from @desmax74 that the new implementation fix (patch shared with keycloak team) actually works for his use-case, then we can merge. @luck3y thank-you for proposing, go ahead for master (23.x too perhaps?). I will handle it for v2 (some PR are currently opened and I will need to integrate the fix too there). |
|
@desmax74 Thank-you! Merged in 0.18.x |
See: https://issues.redhat.com/browse/RHPAM-3888