Account Console: Read Only Federated User cannot change GUI language

Solution Unverified - Updated -

Environment

  • RH-SSO
    • 7.x

Issue

  • Account Console: Read Only Federated User cannot change GUI language
  • If the user federation (e.g. LDAP) is set to READ_ONLY it is not possible for these users to change the GUI language in the account console ("/auth/realms/example/account/") through the drop down selector. Instead always the accept language of the browser is used.
    The issue is that the kc_locale parameter seems to be added/set to the UserModel in
    DefaultLocaleUpdaterProvider.updateUsersLocale() which fails with ReadOnlyException.

Resolution

  • Currently no way to change the language if the mode is "READONLY"
    but you may choose to use below workaround:

    • 'UNSYNCHED' Mode as "edit mode" which will not update the ldap directly and will update the local database (and you will be able to change the language)
    • Check by changing the browser language but unsure about this option
  • If continue using the Edit mode as "READONLY" then there is an RFE and Engineering team is considering this in 8.x (probably in a 8.1 where they should consider it as a Major priority issue to address). So target is like late CY22 / earlier CY23 , always subject to change..

Root Cause

  • According to the keycloak documentation for RHSSO the edit mode represents how this object is handled within RHSSO. When a READ_ONLY flag is set, it is assumed that this user will be fully managed outside of RHSSO and therefore treats any and all attempted changes as invalid. A change in user preferences configures an update in the profile metadata which consequently needs to change the user. As there is a READ_ONLY flag, RHSSO rejects this action.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments