[PR #9987/a8b97732 backport][stable-9] Fix Keycloak authentication flow configuration issues (#10017)

Fix Keycloak authentication flow configuration issues (#9987) * Add delete_authentication_config method and integrate it into create_or_update_executions * typo * Sanity * Add integration tests for keycloak_authentication module with README, tasks, and variables * Add copyright and license information to access_token.yml * Sanity * Refactor Keycloak integration tests: streamline README, update access token task, and enhance variable management * Maj changelogs fragments --------- Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca> (cherry picked from commit a8b977320c) Co-authored-by: desand01 <desrosiers.a@hotmail.com>
2026-03-26 21:33:12 +00:00 · 2025-04-19 09:33:59 +02:00
parent 69bb4420d8
commit 8b1a193a49
8 changed files with 262 additions and 0 deletions
--- a/plugins/module_utils/identity/keycloak/keycloak.py
+++ b/plugins/module_utils/identity/keycloak/keycloak.py
@@ -2228,6 +2228,23 @@ class KeycloakAPI(object):
        except Exception as e:
            self.fail_open_url(e, msg="Unable to add authenticationConfig %s: %s" % (executionId, str(e)))

+    def delete_authentication_config(self, configId, realm='master'):
+        """ Delete authenticator config
+
+        :param configId: id of authentication config
+        :param realm: realm of authentication config to be deleted
+        """
+        try:
+            # Send a DELETE request to remove the specified authentication config from the Keycloak server.
+            self._request(
+                URL_AUTHENTICATION_CONFIG.format(
+                    url=self.baseurl,
+                    realm=realm,
+                    id=configId),
+                method='DELETE')
+        except Exception as e:
+            self.fail_request(e, msg="Unable to delete authentication config %s: %s" % (configId, str(e)))
+
    def create_subflow(self, subflowName, flowAlias, realm='master', flowType='basic-flow'):
        """ Create new sublow on the flow

--- a/plugins/modules/keycloak_authentication.py
+++ b/plugins/modules/keycloak_authentication.py
@@ -308,6 +308,8 @@ def create_or_update_executions(kc, config, realm='master'):
                        }
                        # add the execution configuration
                        if new_exec["authenticationConfig"] is not None:
+                            if "authenticationConfig" in execution and "id" in execution["authenticationConfig"]:
+                                kc.delete_authentication_config(execution["authenticationConfig"]["id"], realm=realm)
                            kc.add_authenticationConfig_to_execution(updated_exec["id"], new_exec["authenticationConfig"], realm=realm)
                        for key in new_exec:
                            # remove unwanted key for the next API call