Unable to accept keycloak's Terms and Conditions
This is an upstream regression introduced with keycloak 21 https://github.com/keycloak/keycloak/issues/17277
Reported in our bugtracker https://bugs.archlinux.org/task/77881
Scheduled to be fixed with keycloak 22.
In the meantime workarounds if we are to follow, see below:
Investigation
Authendication Providers affected
select alias, provider_id from required_action_provider where alias like '%terms%' or provider_id like '%terms%';
alias | provider_id
----------------------+----------------------
terms_and_conditions | terms_and_conditions
terms_and_conditions | terms_and_conditions
(2 rows)
Users affected
select count (*) from user_required_action where required_action like '%terms%';
count
-------
369
(1 row)
Solution
Backup affected tables
- Stop Keycloak
As
postgres
user execute
pg_dump --username postgres --format plain --verbose --file "/var/tmp/$(date +"%Y%m%d")_keycloak.required_action_provider.sql" --table required_action_provider keycloak
pg_dump --username postgres --format plain --verbose --file "/var/tmp/$(date +"%Y%m%d")_keycloak.user_required_action.sql" --table user_required_action keycloak
- Start Keycloak
Perform workaround
- Stop Keycloak
- Execute below SQL updates
UPDATE required_action_provider
SET
alias = 'TERMS_AND_CONDITIONS'
, provider_id = 'TERMS_AND_CONDITIONS'
WHERE
alias LIKE '%terms%'
OR provider_id like '%terms%';
UPDATE user_required_action
SET
required_action = 'TERMS_AND_CONDITIONS'
WHERE
required_action like '%terms%';
COMMIT;
- Start Keycloak
Rollback affected tables
- Stop Keycloak
As
postgres
user execute
psql -d keycloak -f < "/var/tmp/*_keycloak.required_action_provider.sql"
psql -d keycloak -f < "/var/tmp/*_keycloak.user_required_action.sql"
- Start Keycloak