Unable to update default browserFlow in master realm #143

Open
@Marcel-Jansen

Describe the bug
The Keycloak Operator does not update the default browserFlow in the master realm, even though the same configuration works for other realms. The authentication flow with alias idp-redirector exists but is not set as the default browserFlow in the master realm.

To Reproduce

What did you do?

Applied the following ClusterKeycloakRealm YAML to update the browserFlow in the master realm:

apiVersion: v1.edp.epam.com/v1alpha1
kind: ClusterKeycloakRealm
metadata:
  name: master
spec:
  authenticationFlows:
    browserFlow: idp-redirector
  clusterKeycloakRef: keycloak-ghe
  displayName: master
  realmName: master
  themes:
    accountTheme: null
    adminConsoleTheme: null
    emailTheme: null
    loginTheme: my-own-theme
status:
  available: true
  value: OK

Additionally, applied the following KeycloakAuthFlow YAML to configure the authentication flow:

apiVersion: v1.edp.epam.com/v1
kind: KeycloakAuthFlow
metadata:
  name: keycloak-idp-redirector
spec:
  realmRef:
    name: master
    kind: ClusterKeycloakRealm
  alias: idp-redirector
  description: Default redirect to myOrganization IdP
  providerId: basic-flow
  topLevel: true
  builtIn: false
  authenticationExecutions:
    - authenticator: "auth-cookie"
      priority: 0
      requirement: "ALTERNATIVE"
    - authenticator: "identity-provider-redirector"
      priority: 1
      requirement: "ALTERNATIVE"
      authenticatorConfig:
        alias: myOrganization IdP
        config:
          "defaultProvider": "myOrganization"

What did you expect to see?

The browserFlow should be updated to idp-redirector in the master realm.

What did you see instead? Under which circumstances?

  • The browserFlow was not updated in the master realm.
  • The same approach works in non-master realms.
  • Other properties like loginTheme in the master realm are successfully updated.
  • The ClusterKeycloakRealm YAML is accepted without errors (status OK).

Kubernetes cluster type:

I am using Minikube for local development.

$ kubectl version
Client Version: v1.32.3
Kustomize Version: v5.5.0
Server Version: v1.31.0

Additional context

  • The authentication flow idp-redirector exists and is correctly configured.
  • Other realms update their browserFlow successfully.
  • This issue seems specific to the master realm.
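
A drift check for the condition reported above, where the custom resource reports status OK while the live realm keeps its previous browser flow. This is an added example, not code from the issue or from the operator: it assumes the custom resource has been exported as JSON and that the realm and its flow list were fetched from the Keycloak Admin REST API, and the inline sample data and the `find_drift` name are constructed for illustration.

```python
import json

# Constructed sample inputs, not captured from a real cluster. CR mirrors the
# issue's ClusterKeycloakRealm; REALM and FLOWS imitate the JSON returned by
# GET /admin/realms/master and GET /admin/realms/master/authentication/flows.
CR = json.loads("""{"spec": {"realmName": "master",
  "authenticationFlows": {"browserFlow": "idp-redirector"},
  "themes": {"loginTheme": "my-own-theme"}},
  "status": {"available": true, "value": "OK"}}""")
REALM = json.loads("""{"realm": "master", "browserFlow": "browser",
  "loginTheme": "my-own-theme"}""")
FLOWS = json.loads("""[
  {"alias": "browser", "topLevel": true, "builtIn": true},
  {"alias": "idp-redirector", "topLevel": true, "builtIn": false}]""")


def find_drift(cr, realm, flows):
    """Compare declared realm settings with live ones.

    Returns a list of (field, declared, live, note) tuples; empty means no drift.
    """
    spec = cr.get("spec", {})
    drift = []
    want_flow = (spec.get("authenticationFlows") or {}).get("browserFlow")
    if want_flow and realm.get("browserFlow") != want_flow:
        flow = next((f for f in flows if f.get("alias") == want_flow), None)
        if flow is None:
            note = "declared flow alias does not exist in the realm"
        elif not flow.get("topLevel"):
            note = "declared flow exists but is not a top-level flow"
        else:
            note = "declared flow exists; realm binding was not updated"
        drift.append(("browserFlow", want_flow, realm.get("browserFlow"), note))
    want_theme = (spec.get("themes") or {}).get("loginTheme")
    if want_theme and realm.get("loginTheme") != want_theme:
        drift.append(("loginTheme", want_theme, realm.get("loginTheme"),
                      "theme not applied"))
    return drift


if __name__ == "__main__":
    status = CR.get("status", {}).get("value")
    for field, declared, live, note in find_drift(CR, REALM, FLOWS):
        # A drift line next to status OK is the condition the issue reports.
        print(f"DRIFT {field}: declared={declared!r} live={live!r} "
              f"(CR status={status}; {note})")
```
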
