From c824447348af2fdad676689df8b8900496cba56e Mon Sep 17 00:00:00 2001
From: Anatolii Bazko
Date: Wed, 16 Sep 2020 12:26:09 +0300
Subject: [PATCH] Add validation for username field to be dns compatible (#444)

Signed-off-by: Anatolii Bazko
---
 pkg/deploy/deployment_keycloak.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/deploy/deployment_keycloak.go b/pkg/deploy/deployment_keycloak.go
index 015b109a1..ab1b93ad4 100644
--- a/pkg/deploy/deployment_keycloak.go
+++ b/pkg/deploy/deployment_keycloak.go
@@ -476,7 +476,13 @@ func getSpecKeycloakDeployment(
 " && /opt/jboss/docker-entrypoint.sh -b 0.0.0.0 -c standalone.xml"
 command += " -Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled"
 if cheFlavor == "codeready" {
- command = addCertToTrustStoreCommand + addProxyCliCommand + applyProxyCliCommand +
+ addUsernameValidationForKeycloakTheme := "sed -i 's|id=\"username\" name=\"username\"|" +
+ "id=\"username\" " +
+ "pattern=\"[a-z]([-a-z0-9]{0,61}[a-z0-9])?\" " +
+ "title=\"Username has to comply with the DNS naming convention. An alphanumeric (a-z, and 0-9) string, with a maximum length of 63 characters, with the '-' character allowed anywhere except the first or last character.\" " +
+ "name=\"username\"|g' " +
+ "/opt/eap/themes/base/login/login-update-profile.ftl"
+ command = addUsernameValidationForKeycloakTheme + " && " + addCertToTrustStoreCommand + addProxyCliCommand + applyProxyCliCommand +
 " && echo \"feature.token_exchange=enabled\nfeature.admin_fine_grained_authz=enabled\" > /opt/eap/standalone/configuration/profile.properties " +
 " && sed -i 's/WILDCARD/ANY/g' /opt/eap/bin/launch/keycloak-spi.sh && /opt/eap/bin/openshift-launch.sh -b 0.0.0.0"
 }
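Review bot: The DNS-compatibility rule added in `addUsernameValidationForKeycloakTheme` is only an HTML `pattern` attribute that sed injects into `login-update-profile.ftl`, so it is enforced by the browser and not by the server; a form submission that skips the browser check can still store a username outside `[a-z]([-a-z0-9]{0,61}[a-z0-9])?`. Whatever later treats the username as a DNS label (not visible in this hunk) should re-validate it server-side rather than trust the theme. The substitution also fails silently: if the template no longer contains the exact text `id="username" name="username"`, sed still exits 0 and the attribute is never added, so a follow-up step such as `grep -q 'pattern=' /opt/eap/themes/base/login/login-update-profile.ftl` in the `&&` chain would make a missed patch visible. Assuming this string is run by a shell, as the `&&` chain suggests, the `'-'` in the title closes and reopens the single-quoted sed script, so the tooltip loses those quotes and any later edit near it can break the command; the title also does not say that the first character must be a lowercase letter. The body of getSpecKeycloakDeployment starts and ends outside the hunk.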