Univention Bugzilla – Bug 57506
OIDC grant access privileges dialog
Last modified: 2024-08-28 15:29:56 CEST
After the first login the user is prompted with a "grant access privileges" dialog.
Do you grant these access privileges?
User profile
Email address
User roles
Allow access to UDM-REST API and OpenLDAP?
Yes No
(a) Do we need/want this?
(b) If we want that, we need to update the layout, looks a bit ugly currently (see gitlab issue)
FYI: This prompt is called "End-User Consent/Authorization" and is part of the OIDC spec:
https://openid.net/specs/openid-connect-core-1_0.html#Consent
> [...] the Authorization Server MUST obtain an authorization decision before releasing information to the Relying Party. [...] [T]his MAY be done through an interactive dialogue with the End-User [...] or by establishing consent via conditions for processing the request or other means (for example, via previous administrative consent).
Keycloak will no longer show the consent screen for the UMC relying party.
univention-management-console.yaml
d7fd2af6b599 | fix(umc): do not show the OIDC consent screen when the RP is the UMC
univention-management-console (12.0.34-6)
d7fd2af6b599 | fix(umc): do not show the OIDC consent screen when the RP is the UMC
5.1-0
univention-management-console (13.0.20)
ecbee4ccd2a4 | fix(umc): do not show the OIDC consent screen when the RP is the UMC
5.2-0
univention-management-console (14.0.27)
372ac6b7057d | fix(umc): do not show the OIDC consent screen when the RP is the UMC
The consent screen of Keycloak will be improved with the following Keycloak app release: 25.0.1-ucs2
Commit: b417346fd5eb93875866750756698063e6fe8229 | fix(login-oauth-grant): Fix broken layout
QA:
OK: new layout/theme for keycloak consent dialog
OK: oidc rp is created without consent dialog (consent dialog does not show up anymore)
OK: tests
OK: advisories
OK: 5.2 + 5.0
<https://errata.software-univention.de/#/?erratum=5.0x1109>
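Added example, not part of the bug report or of Univention's code: since the fix relies on consent being established administratively rather than through the dialog, this sketch audits a Keycloak realm export for enabled clients that skip the consent screen and checks each against an administrator-approved list. The realm fragment, client IDs and the approved list are constructed placeholders; `consentRequired` and `defaultClientScopes` are fields of Keycloak's client representation.

```python
import json

# Constructed realm export fragment; client IDs, URLs and scopes are
# placeholders, not values taken from the bug report.
REALM_EXPORT = json.loads("""
{
  "realm": "example",
  "clients": [
    {"clientId": "https://umc.example.test/univention/oidc/",
     "enabled": true, "consentRequired": false,
     "defaultClientScopes": ["profile", "email", "roles"]},
    {"clientId": "third-party-app",
     "enabled": true, "consentRequired": false,
     "defaultClientScopes": ["profile", "email"]},
    {"clientId": "wiki",
     "enabled": true, "consentRequired": true,
     "defaultClientScopes": ["profile"]},
    {"clientId": "legacy",
     "enabled": false,
     "defaultClientScopes": ["profile"]}
  ]
}
""")

# Relying parties an administrator has approved to skip the dialog
# (assumption for this example).
ADMIN_APPROVED = {"https://umc.example.test/univention/oidc/"}


def audit_consent(realm, approved):
    """Return one finding per enabled client that skips end-user consent."""
    findings = []
    for client in realm.get("clients", []):
        if not client.get("enabled", True):
            continue  # disabled clients cannot obtain tokens
        # Assumption: a missing consentRequired is treated as "not required".
        if client.get("consentRequired", False):
            continue  # user still sees the dialog for this client
        cid = client["clientId"]
        findings.append({
            "clientId": cid,
            "scopes": sorted(client.get("defaultClientScopes", [])),
            "status": "approved" if cid in approved else "unreviewed",
        })
    return findings


if __name__ == "__main__":
    for f in audit_consent(REALM_EXPORT, ADMIN_APPROVED):
        print(f"{f['status']:10} {f['clientId']}  scopes={','.join(f['scopes'])}")
```

Any `unreviewed` entry is a client that receives the listed claims without the user being asked and without a recorded administrative decision.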