- Issue created by @BramDriesen
- Status changed to Needs review
over 1 year ago 10:09am 6 June 2023 - π§πͺBelgium cedricl
Fixed issues for the keycloak groups. Some keys in the config file changed names, so did the config file itself. There are still others that need to be changed. But keycloak group mapping is working with this patch.
- π§πͺBelgium JeroenT π§πͺ
I worked a bit on the following issues, which should improve openid_connect 3.x support:
β¨ Stop manually removing config of keycloak on uninstall Fixed
π Keycloak config form stopped working correctly since openid_connect 3.x Fixed
π [openid_connect 3.x] Support role mapping FixedThe above issues contain improvements to the config schema, config form and role mapping (which currently doesn't work).
I also created β¨ [Openid_connect 3.x] - Support session check Active .
We don't use the session check functionality in our project, but I believe it doesn't work right now with openid_connect 3.x. - π§πͺBelgium BramDriesen Belgium π§πͺ
because config is no longer stored in openid_connect.settings.keycloak, but in openid_connect.client.keycloak
Yeah, that's one of the biggest breaking changes in openid_connect 3.x. There might still be some other leftovers here an there.
Again thank you for your work Jeroen!
- Status changed to Active
over 1 year ago 8:40am 15 June 2023 - π§πͺBelgium BramDriesen Belgium π§πͺ
The patch which was added here is covered in π [openid_connect 3.x] Support role mapping Fixed
- π¨π¦Canada joseph.olstad
is anyone successfully using openid_connect 3.x ? I'm considering upgrading to D10 shortly.
I'd like to have a D10 upgrade done by friday but I think this is about the one module that might stop us from achieving that. Wondering how much work is left? - π§πͺBelgium BramDriesen Belgium π§πͺ
Hey @joseph.olstad we are using it on a few D10 projects. The largest chunk of functionality is working. It's only a few things like single-sign-out (if you sign out of keycloak you sign out of drupal or vice versa, can't remember exactly).
- π¨π¦Canada joseph.olstad
ok thanks for that, sounds good, I'll upgrade to D10 and deal with the remaining issues later
btw, on your sites that have single signout issues, are they by chance using varnish? - π§πͺBelgium BramDriesen Belgium π§πͺ
We use Varnish on most of our projects yes.
- πΈπͺSweden auth
The issue 3390391 (Add keycloak support for multple instances from openid_connect 3.x) π Add keycloak support for multple instances from openid_connect 3.x Needs review aims to integrate this keycloak module in a way that support multiple clients. In issue 3390391 the functionality for single sign in ( 3382665 π Replace Drupal login with Keycloak single sign-on (SSO) is not working Active ) and single sign out ( 3365872 β¨ [Openid_connect 3.x] - Support session check Active , 3107127 π Can't get SingleSignOut to work Active ) is handled as well.
Is that approach something that could be considered a good path to reaching a stable keycoak module?
- π§πͺBelgium BramDriesen Belgium π§πͺ
That is indeed one big hurdle that we still need to fix! Thanks for your effort by the way π
I think indeed if the multiple instances, and sign in/out issues are fixed we have most of it ready. At least for an RC I think!
- π©πͺGermany J-Lee π©πͺπͺπΊ
I think, π Add keycloak support for multple instances from openid_connect 3.x Needs review should be part of this.
- π§πͺBelgium BramDriesen Belgium π§πͺ
Indeed, it was mentioned in #18 as well.
Adding it to the issue description.
- π§πͺBelgium BramDriesen Belgium π§πͺ
Wondering if we should also drop D8 & D9 Support on the 2.2.x branch.
