Bug 55866 - univention-keycloak init only once per domain
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Keycloak
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-3-errata
Assigned To: Felix Botner
QA Contact: Nikola Radovanovic
Reported: 2023-03-09 13:43 CET by Felix Botner
Modified: 2023-03-22 13:58 CET (History)
What kind of report is it?: Feature Request
Comment 1 Felix Botner univentionstaff 2023-03-09 13:45:19 CET
We want univention-keycloak init to check for the ucs realm, and if it exists just return 0. So basically it is executed only once in the domain.

If it is executed (ucs realm does not exist) it creates/changes all the configuration for our keycloak (everything is fine after running init)

* return 0 in init if ucs realm exists
* add register extensions to init
Comment 2 Felix Botner univentionstaff 2023-03-17 10:53:00 CET
Successful build
Package: univention-keycloak
Version: 1.0.9-4A~5.0.0.202303171046
Branch: ucs_5.0-0
Scope: errata5.0-3

* init only once per domain
* added upgrade-config
Comment 3 Felix Botner univentionstaff 2023-03-21 19:22:13 CET
Also remove the CSP settings from univention-keycloak and use the keycloak default (apache config takes care of the rest)

Successful build
Package: univention-keycloak
Version: 1.0.9-7A~5.0.0.202303211910
Branch: ucs_5.0-0
Scope: errata5.0-3
Comment 4 Nikola Radovanovic univentionstaff 2023-03-22 08:51:34 CET
Pulled in package, built and installed without any issues.

KC installed and checked Content-Security-Policy is set to:

  frame-src 'self'; frame-ancestors 'self'; object-src 'none';

as well as X-Frame-Options is empty
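
The header check from comment 4, written as a repeatable script. This is an added example, not part of the bug report or of univention-keycloak; the function names are hypothetical and the sample responses are constructed.

```python
# Added example: compare a response's framing-related headers with the
# policy reported in comment 4. Sample responses below are constructed.
EXPECTED_CSP = {
    "frame-src": ["'self'"],
    "frame-ancestors": ["'self'"],
    "object-src": ["'none'"],
}

def parse_csp(value):
    """Parse a Content-Security-Policy header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # trailing ';' or empty directive
        # CSP ignores a repeated directive, so the first occurrence wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def check_headers(headers):
    """Return a list of findings; an empty list means the headers match."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    policy = parse_csp(h.get("content-security-policy", ""))
    findings = []
    for directive, sources in EXPECTED_CSP.items():
        if policy.get(directive) != sources:
            findings.append(f"{directive}: expected {sources}, got {policy.get(directive)}")
    for directive in sorted(policy.keys() - EXPECTED_CSP.keys()):
        findings.append(f"unexpected directive: {directive}")
    # An empty X-Frame-Options is acceptable only while frame-ancestors
    # restricts framing; browsers then enforce the CSP directive instead.
    if not h.get("x-frame-options") and "frame-ancestors" not in policy:
        findings.append("no framing protection: X-Frame-Options empty, frame-ancestors missing")
    return findings

# Constructed sample responses (not captured from a real system).
GOOD = {
    "Content-Security-Policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
    "X-Frame-Options": "",
}
BAD = {"Content-Security-Policy": "frame-src *; object-src 'none'"}

if __name__ == "__main__":
    for name, response in (("good", GOOD), ("bad", BAD)):
        print(name, check_headers(response) or "OK")
```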