Univention Bugzilla – Bug 55866
univention-keycloak init only once per domain
Last modified: 2023-03-22 13:58:42 CET
https://git.knut.univention.de/univention/components/keycloak-app/-/issues/63
We want univention-keycloak init to check for the ucs realm, and if it exists just return 0. So basically it is executed only once in the domain. If it is executed (ucs realm does not exist) it creates/changes all the configuration for our keycloak (everything is fine after running init) * return 0 in init if ucs realm exists * add register extensions to init
Successful build Package: univention-keycloak Version: 1.0.9-4A~5.0.0.202303171046 Branch: ucs_5.0-0 Scope: errata5.0-3 * init only once per domain * added upgrade-config
Also remove the CSP settings from univention-keycloak and use the keycloak default (apache config takes care of the rest) Successful build Package: univention-keycloak Version: 1.0.9-7A~5.0.0.202303211910 Branch: ucs_5.0-0 Scope: errata5.0-3
Pulled in package, build and installed without any issues. KC installed and checked Content-Security-Policy is set to: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; as well as X-Frame-Options is empty
<https://errata.software-univention.de/#/?erratum=5.0x620>