feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776

Closed
uprightech opened this issue Jun 24, 2024 · 0 comments · Fixed by #8792
uprightech commented Jun 24, 2024

Completes issue #8614.
Completes issue #7399.

Update to SPIs

The keycloak SPIs have been merged into a single SPI to reduce duplicate dependencies between SPIs and bring them under one umbrella. The artifact that bundles them all is called kc-jans-spi, with the binaries being built here: https://jenkins.jans.io/maven/io/jans/kc-jans-spi/1.1.3-SNAPSHOT/
Remove references to the following SPIs:

  • kc-jans-authn-plugin
  • kc-jans-storage-plugin

Instead of copying their files to /opt/keycloak/providers, copy the files for kc-jans-spi in the same directory.

Quarkus properties file for CDI

A quarkus properties file has been added in jans-linux-setup/jans_setup/templates/jans_saml/quarkus.properties. During setup, copy said file to /opt/keycloak/conf/

Changes to service file

Changes have been made to kc.service, specifically the startup command ExecStart. All its parameters have been removed and moved to jans-linux-setup/jans_setup/templates/jans-saml/keycloak.conf
Make sure the file is properly rendered with the correct parameters.
In addition, make sure the parameter jansBaseFolder is available when the kc.service service template is being rendered.
This usually contains the base configuration folder for jans (/etc/jans).

Remove reference to Jans SCIM Client

There was a requirement to create a scim client called Jans SCIM Client for SAML. We will have to remove it as it is no longer necessary.

Switch keycloak from dev to production.

In kc.service, the start argument is start-dev, but ought to be start so we run in production mode, but this requires a switch from the H2 file database used by keycloak to a production database. This may require further discussion, but I think it can be done already for postgresql. Supported databases by keycloak can be found here: https://www.keycloak.org/server/db.
But when the database we use to install is postgresql, for now, let's do the following:

  • In the kc.service file, in the startup command, switch from start-dev to start
  • create a postgresql user called keycloak and a database of the same name.
  • add the above to the parameters to render the file keycloak.conf (check the db, db-username, db-password and db-url in the same file). The db-url should be of the format jdbc:postgresql://<server>:<port>/<db-name>

In addition, during startup, it's important to run /opt/keycloak/bin/kc.sh build before starting the keycloak service.
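
A preflight check for the rendering steps described in the issue above, as an added example (not part of the issue or of the Janssen setup scripts): it verifies that a rendered keycloak.conf carries the four database keys with a db-url in the stated format, that no template placeholder was left unrendered, and that the ExecStart in kc.service uses start rather than start-dev. The `%(name)s` placeholder syntax, the function names and the sample contents are assumptions made for illustration.

```python
import re

# Assumption: templates use Python-style %(name)s placeholders.
PLACEHOLDER = re.compile(r"%\(\w+\)s")
# Format given in the issue: jdbc:postgresql://<server>:<port>/<db-name>
DB_URL = re.compile(r"^jdbc:postgresql://[^/:\s]+:(\d{1,5})/[\w-]+$")
REQUIRED = ("db", "db-username", "db-password", "db-url")

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def check_keycloak_conf(text):
    """Return a list of problems found in a rendered keycloak.conf."""
    conf, findings = parse_conf(text), []
    for key in REQUIRED:
        if not conf.get(key):
            findings.append(f"{key}: missing or empty")
    for key, value in conf.items():
        if PLACEHOLDER.search(value):
            findings.append(f"{key}: unrendered template placeholder")
    url = conf.get("db-url", "")
    if url and not PLACEHOLDER.search(url):
        m = DB_URL.match(url)
        if not m or not 1 <= int(m.group(1)) <= 65535:
            findings.append("db-url: not jdbc:postgresql://<server>:<port>/<db-name>")
    return findings

def check_service_unit(text):
    """Return a list of problems found in a rendered kc.service."""
    findings = []
    lines = [l.strip() for l in text.splitlines() if l.strip().startswith("ExecStart=")]
    if not lines:
        findings.append("ExecStart: not found")
    for line in lines:
        args = line.split("=", 1)[1].split()
        if PLACEHOLDER.search(line):
            findings.append("ExecStart: unrendered template placeholder")
        if "start-dev" in args:
            findings.append("ExecStart: start-dev runs Keycloak in development mode")
        elif "start" not in args:
            findings.append("ExecStart: 'start' subcommand not found")
    return findings

# Constructed samples (not taken from the Janssen templates).
GOOD_CONF = ("db=postgres\ndb-username=keycloak\ndb-password=example-only\n"
             "db-url=jdbc:postgresql://localhost:5432/keycloak\n")
BAD_CONF = ("db=postgres\ndb-username=keycloak\ndb-password=%(kc_db_password)s\n"
            "db-url=jdbc:postgresql://localhost/keycloak\n")  # port missing
PROD_UNIT = "[Service]\nExecStart=/opt/keycloak/bin/kc.sh start\n"
DEV_UNIT = "[Service]\nExecStart=/opt/keycloak/bin/kc.sh start-dev\n"

if __name__ == "__main__":
    for problem in check_keycloak_conf(BAD_CONF) + check_service_unit(DEV_UNIT):
        print(problem)
```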

@mo-auto mo-auto added the kind-feature Issue or PR is a new feature request label Jun 24, 2024
@uprightech uprightech changed the title feat(jans-keycloak-integration): update keycloak installation in CE and CN feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn Jun 25, 2024
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776

* marked jans  authenticator in the kc authentication flow ALTERNATIVE
* updated providerId for our custom user storage provider

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776

* bump keycloak version in setup to 25.0.1

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776

* removed references to scim client configuration reference (used by former user storage provider)

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776

* moved kc service configuration parameters from service file to keycloak configuration file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
@uprightech uprightech assigned devrimyatar, iromli and uprightech and unassigned moabu Jun 27, 2024
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776

* added quarkus.properties
* minor change to keycloak service file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
@uprightech uprightech added this to the 1.1.3 milestone Jun 27, 2024
moabu added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776 (#8792)

* fix(jans-linux-setup): improper scim configuration for jans kc #8210
* updated the keycloak configuration file to reflect the  configuration for the storage-spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak protocol mapper

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): remove references to jans standalone persistence layer

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper for kc #8614
* added persistence manager configuration for protocol mapper

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): added dependencies for protocol mapper #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper  #8614
* added dependencies to protocol mapper
* added protocol mapper main class

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper #8614
* added relevant models to fetch user attributes
* refactored the db configuration classes

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): janssen spi bundle  #8614
* created maven project for janssen spi bundle

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): janssen spi bundle #8614
* added dependencies xml

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to job-scheduler #8614
* added support for new protocol mapper in job scheduler
* fixed typo in application shutdown log message

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak integration enhancements  #8614
* added support for the protocol-mapper in job-scheduler configuration
* fixed issue in  job-scheduler logging configuration that caused too many log files to be created

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): spi bundle #8614
* additions to the spi bundle pom file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak integration enhancements #8614
* added protocol mapper implementation

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added thin bridge spi provider
* added models for thin bridge provider

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* moved authenticator spi to spi module
* minor refactoring to the authenticator spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* moved authenticator rest service spi to spi module

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added new storage provider implementation

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added missing files to spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added resource files to spi module

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* bump spi version to 1.1.3-SNAPSHOT
* removed protocol-mapper PoC from build modules

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* minor bugfix to scheduler. did not show fatal startup errors in log file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fix for fatal errors which don't still appear in the logs

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* further housekeeping in job-scheduler

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fixed bug in user storage spi preventing authentication in new version of keycloak

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* have scheduler create saml clients with document and assertion signing as default configuration

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancement to jans-keycloak-integration #8614
* removed reference to protocol-mapper poc submodule

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* removed reference to storage-spi module
* restored job-scheduler module in build pom

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* removed authenticator source as it was moved to spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fixes suggested by static analyser

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* marked jans  authenticator in the kc authentication flow ALTERNATIVE
* updated providerId for our custom user storage provider

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* bump keycloak version in setup to 25.0.1

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* removed references to scim client configuration reference (used by former user storage provider)

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* moved kc service configuration parameters from service file to keycloak configuration file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* added quarkus.properties
* minor change to keycloak service file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* fix: adjust keycloak version

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

---------

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
Co-authored-by: moabu <47318409+moabu@users.noreply.github.com>
uprightech added a commit that referenced this issue Jun 28, 2024
…k libs version #8776

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
yurem pushed a commit that referenced this issue Jun 28, 2024
…nd cn #8776 (#8806)

* fix(jans-linux-setup): improper scim configuration for jans kc #8210
* updated the keycloak configuration file to reflect the  configuration for the storage-spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak protocol mapper

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): remove references to jans standalone persistence layer

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper for kc #8614
* added persistence manager configuration for protocol mapper

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): added dependencies for protocol mapper #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper  #8614
* added dependencies to protocol mapper
* added protocol mapper main class

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper #8614
* added relevant models to fetch user attributes
* refactored the db configuration classes

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): janssen spi bundle  #8614
* created maven project for janssen spi bundle

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): janssen spi bundle #8614
* added dependencies xml

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to job-scheduler #8614
* added support for new protocol mapper in job scheduler
* fixed typo in application shutdown log message

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak integration enhancements  #8614
* added support for the protocol-mapper in job-scheduler configuration
* fixed issue in  job-scheduler logging configuration that caused too many log files to be created

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): spi bundle #8614
* additions to the spi bundle pom file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak integration enhancements #8614
* added protocol mapper implementation

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added thin bridge spi provider
* added models for thin bridge provider

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* moved authenticator spi to spi module
* minor refactoring to the authenticator spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* moved authenticator rest service spi to spi module

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added new storage provider implementation

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added missing files to spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added resource files to spi module

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* bump spi version to 1.1.3-SNAPSHOT
* removed protocol-mapper PoC from build modules

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* minor bugfix to scheduler. did not show fatal startup errors in log file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fix for fatal errors which don't still appear in the logs

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* further housekeeping in job-scheduler

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fixed bug in user storage spi preventing authentication in new version of keycloak

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* have scheduler create saml clients with document and assertion signing as default configuration

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancement to jans-keycloak-integration #8614
* removed reference to protocol-mapper poc submodule

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* removed reference to storage-spi module
* restored job-scheduler module in build pom

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* removed authenticator source as it was moved to spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fixes suggested by static analyser

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* marked jans  authenticator in the kc authentication flow ALTERNATIVE
* updated providerId for our custom user storage provider

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* bump keycloak version in setup to 25.0.1

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* removed references to scim client configuration reference (used by former user storage provider)

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* moved kc service configuration parameters from service file to keycloak configuration file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* added quarkus.properties
* minor change to keycloak service file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* fix(jans-keycloak-integration): fix build issue after bumping keycloak libs version #8776

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

---------

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>