feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776 * marked jans authenticator in the kc authentication flow ALTERNATIVE * updated providerId for our custom user storage provider Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776 * bump keycloak version in setup to 25.0.1 Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776 * removed references to scim client configuration reference (used by former user storage provider) Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776 * moved kc service configuration parameters from service file to keycloak configuration file Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
uprightech added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776 * added quarkus.properties * minor change to keycloak service file Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
moabu added a commit that referenced this issue Jun 27, 2024
…ion for ce and cn #8776 (#8792) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak protocol mapper Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): remove references to jans standalone persistence layer Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper for kc #8614 * added persistence manager configuration for protocol mapper Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): added dependencies for protocol mapper #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper #8614 * added dependencies to protocol mapper * added protocol mapper main class Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper #8614 * added relevant models to fetch user attributes * refactored the db configuration classes Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): janssen spi bundle #8614 * created maven project for janssen spi bundle Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): janssen spi bundle #8614 * added dependencies xml Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to job-scheduler #8614 * added support for new protocol mapper in job scheduler * fixed typo in application shutdown log message Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak integration enhancements #8614 * added support for the 
protocol-mapper in job-scheduler configuration * fixed issue in job-scheduler logging configuration that caused too many log files to be created Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): spi bundle #8614 * additions to the spi bundle pom file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak integration enhancements #8614 * added protocol mapper implementation Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added thin bridge spi provider * added models for thin bridge provider Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * moved authenticator spi to spi module * minor refactoring to the authenticator spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * moved authenticator rest service spi to spi module Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added new storage provider implementation Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added missing files to spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added resource files to spi module Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * bump spi version to 1.1.3-SNAPSHOT * removed protocol-mapper PoC from build modules Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * minor bugfix to scheduler. 
did not show fatal startup errors in log file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 *fix for fatal errors which don't still appear in the logs Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * further housekeeping in job-scheduler Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * fixed bug in user storage spi preventing authentication in new version of keycloak Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * have scheduler create saml clients with document and assertion signing as default configuration Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancement to jans-keycloak-integration #8614 * removed reference to protocol-mapper poc submodule Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * removed reference to storage-spi module * restored job-scheduler module in build pom Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * removed authenticator source as it was moved to spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * fixes suggested by static analyser Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * 
feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * marked jans authenticator in the kc authentication flow ALTERNATIVE * updated providerId for our custom user storage provider Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * bump keycloak version in setup to 25.0.1 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * removed references to scim client configuration reference (used by former user storage provider) Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * moved kc service configuration parameters from service file to keycloak configuration file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * added quarkus.properties * minor change to keycloak service file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix: adjust keycloak version Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> --------- Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> Co-authored-by: moabu <47318409+moabu@users.noreply.github.com>
uprightech added a commit that referenced this issue Jun 28, 2024
…k libs version #8776 Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
yurem pushed a commit that referenced this issue Jun 28, 2024
…nd cn #8776 (#8806) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak protocol mapper Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): remove references to jans standalone persistence layer Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper for kc #8614 * added persistence manager configuration for protocol mapper Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): added dependencies for protocol mapper #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper #8614 * added dependencies to protocol mapper * added protocol mapper main class Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper #8614 * added relevant models to fetch user attributes * refactored the db configuration classes Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): janssen spi bundle #8614 * created maven project for janssen spi bundle Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): janssen spi bundle #8614 * added dependencies xml Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to job-scheduler #8614 * added support for new protocol mapper in job scheduler * fixed typo in application shutdown log message Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak integration enhancements #8614 * added support for the protocol-mapper in 
job-scheduler configuration * fixed issue in job-scheduler logging configuration that caused too many log files to be created Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): spi bundle #8614 * additions to the spi bundle pom file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak integration enhancements #8614 * added protocol mapper implementation Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added thin bridge spi provider * added models for thin bridge provider Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * moved authenticator spi to spi module * minor refactoring to the authenticator spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * moved authenticator rest service spi to spi module Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added new storage provider implementation Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added missing files to spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added resource files to spi module Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * bump spi version to 1.1.3-SNAPSHOT * removed protocol-mapper PoC from build modules Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * minor bugfix to scheduler. 
did not show fatal startup errors in log file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 *fix for fatal errors which don't still appear in the logs Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * further housekeeping in job-scheduler Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * fixed bug in user storage spi preventing authentication in new version of keycloak Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * have scheduler create saml clients with document and assertion signing as default configuration Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancement to jans-keycloak-integration #8614 * removed reference to protocol-mapper poc submodule Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * removed reference to storage-spi module * restored job-scheduler module in build pom Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * removed authenticator source as it was moved to spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * fixes suggested by static analyser Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * 
feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * marked jans authenticator in the kc authentication flow ALTERNATIVE * updated providerId for our custom user storage provider Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * bump keycloak version in setup to 25.0.1 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * removed references to scim client configuration reference (used by former user storage provider) Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * moved kc service configuration parameters from service file to keycloak configuration file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * added quarkus.properties * minor change to keycloak service file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): fix build issue after bumping keycloak libs version #8776 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> --------- Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
Completes issue #8614.
Completes issue #7399.

Update to SPIs
The keycloak SPIs have been merged into a single SPI to reduce duplicate dependencies between SPIs and bring them under one umbrella. The artifact that bundles them all is called kc-jans-spi, with the binaries being built here: https://jenkins.jans.io/maven/io/jans/kc-jans-spi/1.1.3-SNAPSHOT/
Remove reference to the following SPIs:
kc-jans-authn-plugin
kc-jans-storage-plugin
Instead of copying their files to /opt/keycloak/providers, copy the files for kc-jans-spi in the same directory.

Quarkus properties file for CDI
A quarkus properties file has been added in jans-linux-setup/jans_setup/templates/jans_saml/quarkus.properties. During setup, copy said file to /opt/keycloak/conf/

Changes to service file
Changes have been made to kc.service, specifically the startup command ExecStart. All its parameters have been removed and moved to jans-linux-setup/jans_setup/templates/jans-saml/keycloak.conf
Make sure the file is properly rendered with the correct parameters.
In addition, make sure the parameter jansBaseFolder is available when the kc.service service template is being rendered. This contains the base configuration folder for jans (/etc/jans) usually.

Remove reference to Jans SCIM Client
There was a requirement to create a scim client called Jans SCIM Client for SAML. We will have to remove it as it is no longer necessary.

Switch keycloak from dev to production.
In kc.service, the start argument is start-dev, but ought to be start so we run in production mode, but this requires a switch from the H2 file database used by keycloak to a production database. This may require further discussion, but I think it can be done already for postgresql. Supported databases by keycloak can be found here: https://www.keycloak.org/server/db.
But when the database we use to install is postgresql, for now, let's do the following:
start-dev to start
keycloak and a database of the same name.
keycloak.conf (check the db, db-username, db-password and db-url in the same file). The db-url should be of the format jdbc:postgresql://<server>:<port>/<db-name>
In addition, during startup, it's important to run /opt/keycloak/bin/kc.sh build before starting the keycloak service.
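
A post-render check for the setup steps in this issue, added here as an example and not code from the issue or the Janssen project: it audits a rendered keycloak.conf and kc.service for leftover template placeholders, the four db settings, the db-url format, and an ExecStart that runs start with no extra parameters. The function names, the sample file contents, the %(name)s placeholder syntax and the expected db value postgres are assumptions.

```python
import re
import shlex

# Format stated in the issue: jdbc:postgresql://<server>:<port>/<db-name>
DB_URL_RE = re.compile(r"^jdbc:postgresql://[^/:\s]+:\d+/[^/\s]+$")
# Assumption: setup templates use Python %(name)s placeholders.
PLACEHOLDER_RE = re.compile(r"%\(\w+\)s")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(conf_text, service_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for name, text in (("keycloak.conf", conf_text), ("kc.service", service_text)):
        for ph in sorted(set(PLACEHOLDER_RE.findall(text))):
            findings.append(f"{name}: unrendered placeholder {ph}")
    props = parse_properties(conf_text)
    for key in ("db", "db-username", "db-password", "db-url"):
        if not props.get(key):
            findings.append(f"keycloak.conf: {key} is missing or empty")
    # Assumption: "postgres" is the db value Keycloak uses for PostgreSQL.
    if props.get("db") and props["db"] != "postgres":
        findings.append(f"keycloak.conf: db is {props['db']!r}, expected 'postgres'")
    if props.get("db-url") and not DB_URL_RE.match(props["db-url"]):
        findings.append("keycloak.conf: db-url is not jdbc:postgresql://<server>:<port>/<db-name>")
    commands = [l.split("=", 1)[1] for l in service_text.splitlines()
                if l.strip().startswith("ExecStart=")]
    if not commands:
        findings.append("kc.service: no ExecStart line")
    for command in commands:
        argv = shlex.split(command)
        if len(argv) < 2 or argv[1] != "start":
            findings.append(f"kc.service: ExecStart must run 'start', got {argv[1:2]}")
        if argv[2:]:
            findings.append(f"kc.service: move {argv[2:]} into keycloak.conf")
    return findings

# Constructed sample files, not taken from the Janssen repository.
GOOD_CONF = """db=postgres
db-username=keycloak
db-password=constructed-secret
db-url=jdbc:postgresql://localhost:5432/keycloak
"""
GOOD_SERVICE = "[Service]\nExecStart=/opt/keycloak/bin/kc.sh start\n"
BAD_CONF = "db=dev-file\ndb-username=keycloak\ndb-url=jdbc:postgresql://localhost/keycloak\n"
BAD_SERVICE = ("[Service]\nEnvironment=JANS_BASE=%(jansBaseFolder)s\n"
               "ExecStart=/opt/keycloak/bin/kc.sh start-dev --http-port=8092\n")

if __name__ == "__main__":
    for finding in audit(BAD_CONF, BAD_SERVICE):
        print(finding)
```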