Bug 55968 – Make it more clear that Keycloak doesn't support external domainnames yet

Bug 55968 - Make it more clear that Keycloak doesn't support external domainnames yet


Summary:	Make it more clear that Keycloak doesn't support external domainnames yet

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Keycloak
Version:	UCS 5.0
Hardware:	Other Mac OS X 10.1

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-04-13 16:18 CEST by Ingo Jürgensmann
Modified:	2023-04-19 08:29 CEST (History)
CC List:	4 users (show)

See Also:	55967
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.143
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ingo Jürgensmann

2023-04-13 16:18:28 CEST

When configuring Keycloak customers can enter the Keycloak FQDN, but there is no warning in the config dialogue that only the result of ucr get domainname can be used, nor that anything else than ucs-sso-ng will work. 

In current documentation of the Keycloak App it it stated on https://docs.software-univention.de/keycloak-app/latest/installation.html: 

The URL has the following scheme: https://ucs-sso-ng.$domainname/admin/. The $domainname is your UCS domain name.

There is no "Warning" section to emphasize the importance of this sentence and thus the customer might overlook it and will run into issues at a later time, see #55966 and #55967 as well. 

Maybe it is also good to include this under "Requirements and limitations" as well?

Comment 2 Ingo Steuwer

2023-04-18 15:15:50 CEST

I assume w won't fix this as #55967 will be implemented and documented.

Comment 4 Ingo Jürgensmann

2023-04-19 08:29:52 CEST

(In reply to Ingo Steuwer from comment #2)
> I assume w won't fix this as #55967 will be implemented and documented.

Yes, #55967 will be the proper fix, but the reason for this one is: 
As long as #55967 hasn't been fixed, customers will run into this problem over and over again and having the docs clearly state the issue might reduce the impact for customers as long as #55967 is still open. 

If #55967 is fixed, #55968 will be automatically irrelevant and the statement about external or custom domains should be removed again.