No authentication provider found for id: registration-page-form

[shaidar]

Under Keycloak's Authentication when trying to create a registration flow that is basically a copy of the built-in registration flow, the registration flow has an authentication execution step that requires a registration-page-form as its authenticator. However, that throws the following error:

No authentication provider found for id: registration-page-form

Looking at the code here the endpoints specified in the comment, does not include the registration-page-form as that's available at the following endpoint:

realms/{realm}/authentication/form-action-providers

[dglozano]

Having the same issue with all the executions included in the default registration flow

[shaidar]

This appears to still be an issue with Keycloak version 26.x.

[sschu]

@shaidar Have you checked this on the main branch of the provider?

[thomasdarimont]

I think you have an error in your subflow configuration.

If you want to recreate the registration flow, your keycloak_authentication_subflow resource must use

...
  provider_id = "form-flow"
...

This will create a form flow that allows to configure the FormAction executions. Otherwise a basic-flow is created.

The following works for me:

terraform {
  required_providers {
    keycloak = {
      source  = "terraform.local/keycloak/keycloak"
      version = ">= 4.5.0"
    }
  }
}

provider "keycloak" {
  client_id     = "terraform"
  client_secret = "mysecret"
  url           = "http://localhost:8080"
}

resource "keycloak_realm" "test" {
  realm             = "gh-896"
  enabled           = true
}

resource "keycloak_authentication_flow" "registration-copy" {
  alias       = "registration-copy"
  realm_id    = keycloak_realm.test.id
  description = "Custom registration"

}

resource "keycloak_authentication_subflow" "registration-copy-form" {
  realm_id          = keycloak_realm.test.id
  parent_flow_alias = keycloak_authentication_flow.registration-copy.alias
  alias             = "registration-copy-form"
  requirement       = "REQUIRED"
  description = "Custom Registration Form"
  provider_id = "form-flow"
}

resource "keycloak_authentication_execution" "register-user-profile-creation" {
  realm_id          = keycloak_realm.test.id
  parent_flow_alias = keycloak_authentication_subflow.registration-copy-form.alias
  authenticator     = "registration-user-creation"
  requirement       = "REQUIRED"
}

Yields:

[shaidar]

@thomasdarimont Thanks for the response. The error is actually coming from the authenticator key being set to registration-page-form which is the value we got by looking at the Keycloak json export.

That being said, trying to duplicate the registration auth flow using the UI, I don't see the registration form when adding a step, so maybe that's not even an option and just creating a custom form works just as well. If that's truly the case, then I'm somewhat unclear regarding the registration-page-form.

[thomasdarimont]

@shaidar ah I see, I think the following does what you need:

You can configure the authenticator = "registration-page-form" on the keycloak_authentication_subflow.
With that in place the representation from /admin/realms/gh-896/authentication/flows and /admin/realms/gh-896/authentication/flows/registration-copy/executions look like the versions from the original registration flow.

resource "keycloak_realm" "test" {
  realm   = "gh-896"
  enabled = true
}

resource "keycloak_authentication_flow" "registration-copy" {
  alias       = "registration-copy"
  realm_id    = keycloak_realm.test.id
  description = "Custom registration"

}

resource "keycloak_authentication_subflow" "registration-copy-form" {
  realm_id          = keycloak_realm.test.id
  parent_flow_alias = keycloak_authentication_flow.registration-copy.alias
  alias             = "registration-copy-form"
  requirement       = "REQUIRED"
  description       = "Custom Registration Form"
  authenticator     = "registration-page-form"
  provider_id       = "form-flow"
}

resource "keycloak_authentication_execution" "register-user-profile-creation" {
  realm_id          = keycloak_realm.test.id
  parent_flow_alias = keycloak_authentication_subflow.registration-copy-form.alias
  authenticator     = "registration-user-creation"
  requirement       = "REQUIRED"
}

resource "keycloak_authentication_execution" "register-validate-password" {
  realm_id          = keycloak_realm.test.id
  parent_flow_alias = keycloak_authentication_subflow.registration-copy-form.alias
  authenticator     = "registration-password-action"
  requirement       = "REQUIRED"
  depends_on = [keycloak_authentication_execution.register-user-profile-creation]
}

resource "keycloak_authentication_execution" "register-recaptcha" {
  realm_id          = keycloak_realm.test.id
  parent_flow_alias = keycloak_authentication_subflow.registration-copy-form.alias
  authenticator     = "registration-recaptcha-action"
  requirement       = "DISABLED"
  depends_on = [keycloak_authentication_execution.register-validate-password]
}

resource "keycloak_authentication_execution" "register-terms" {
  realm_id          = keycloak_realm.test.id
  parent_flow_alias = keycloak_authentication_subflow.registration-copy-form.alias
  authenticator     = "registration-terms-and-conditions"
  requirement       = "DISABLED"
  depends_on = [keycloak_authentication_execution.register-recaptcha]
}

[shaidar]

Yeah that seems to work. Thanks for the help!