Registration flow executions not found

[dglozano]

Describe what happened

I am trying to recreate the default registration flow.
However, when trying to create the registration-user-creation execution step it fails saying that's not a valid name authenticator.
I think it might be because in the API it expects these registration executions to be added using providerId instead of authenticator name.
However, this is not allowed in the current version of the library.

Sample program

    const flow = new Flow(
        'custom-registration',
        {
            realmId: realm.id,
            alias: 'custom-registration',
            description: 'Custom registration form. Managed by Pulumi.',
        });

    const registrationForm = new Subflow(
        'custom-registration:form',
        {
            realmId: realm.id,
            parentFlowAlias: flow.alias,
            alias: 'registration-page-form',
            authenticator: 'registration-page-form',
            description: 'Custom registration form. Managed by Pulumi.',
            providerId: 'form-flow',
            requirement: 'REQUIRED',
        },
        {
            dependsOn: [flow],
        });

    const userProfileCreation = new Execution(
        'custom-registration:userprofile',
        {
            realmId: realm.id,
            parentFlowAlias: flow.alias,
            authenticator: 'registration-user-creation',
            requirement: 'REQUIRED',
        },
        {
            dependsOn: [registrationForm],
        });

Log output

	* error sending POST request to //admin/realms/easee-dev/authentication/flows/custom-registration/executions/execution: 400 Bad Request. Response body: {"error":"No authentication provider found for id: registration-user-creation","error_description":"For more on this error consult the server log at the debug level."}

Affected Resource(s)

No response

Output of pulumi about

CLI
Version 3.118.0
Go Version go1.22.3
Go Compiler gc

Plugins
KIND NAME VERSION
resource aws 6.49.1
resource keycloak 5.3.3
language nodejs unknown
resource random 4.14.0

Host
OS darwin
Version 14.6.1
Arch arm64

This project is written in nodejs: executable='/Users/dglozano/.nvm/versions/node/v21.4.0/bin/node' version='v21.4.0'

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[iwahbe]

Hi @dglozano. Thanks for raising an issue.

I think it might be because in the API it expects these registration executions to be added using providerId instead of authenticator name.
However, this is not allowed in the current version of the library.

What do you mean "this is not allowed"?

The documentation for authenticator describes it as:

The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools.

Are you sure that registration-user-creation exists in your environment?

[dglozano]

@iwahbe

registration-user-creation exists by default in keycloak. It's one of the executions step of the default registration flow.

Keep in mind that is no a "normal" authenticator provider (returned in GET /admin/realms/myrealm/authentication/authenticator-providers) but a "form action provider" (returned in GET /admin/realms/myrealm/authentication/form-action-providers)

[
  {
    "displayName": "reCAPTCHA Enterprise",
    "description": "Adds Google reCAPTCHA Enterprise to the form.",
    "id": "registration-recaptcha-enterprise"
  },
  {
    "displayName": "reCAPTCHA",
    "description": "Adds Google reCAPTCHA to the form.",
    "id": "registration-recaptcha-action"
  },
  {
    "displayName": "Registration User Profile Creation",
    "description": "This action must always be first! Validates the username and user profile of the user in validation phase.  In success phase, this will create the user in the database including his user profile.",
    "id": "registration-user-creation"
  },
  {
    "displayName": "Password Validation",
    "description": "Validates that password matches password confirmation field.  It also will store password in user's credential store.",
    "id": "registration-password-action"
  },
  {
    "displayName": "Terms and conditions",
    "description": "Asks the user to accept terms and conditions before submitting its registration form.",
    "id": "registration-terms-and-conditions"
  }
]

And it gets added by making

POST /admin/realms/realm/authentication/flows/my%20registration%20flow%20registration%20form/executions/execution
{"provider":"registration-user-creation"}

I think you can disregard this comment ⬇

I think it might be because in the API it expects these registration executions to be added using providerId instead of authenticator name.
However, this is not allowed in the current version of the library.

I got confused because the library calls it authenticator whereas the Admin REST API refers to it as provider.

[guineveresaenger]

hi @dglozano - we're sorry you're encountering this bug. It does appear as though this is an upstream issue: keycloak/terraform-provider-keycloak#896 and we will pull in any fixes as soon as they become available there.