CAMEL-23452: camel-keycloak - Add Organizations API operations (Keycloak 26+)#23113
Merged
Conversation
…oak 26+) Wires the Keycloak 26 Organizations primitive (OrganizationsResource / OrganizationResource) into the existing camel-keycloak component: * New KeycloakOperations enum values: createOrganization, updateOrganization, deleteOrganization, getOrganization, listOrganizations, searchOrganizations, addOrganizationMember, removeOrganizationMember, listOrganizationMembers, linkOrganizationIdentityProvider, unlinkOrganizationIdentityProvider, listOrganizationIdentityProviders. * New KeycloakConstants headers: ORGANIZATION_ID, ORGANIZATION_NAME, ORGANIZATION_ALIAS, ORGANIZATION_DESCRIPTION, ORGANIZATION_REDIRECT_URL, ORGANIZATION_DOMAIN and ORGANIZATION_SEARCH. * Producer logic in KeycloakProducer follows the existing switch-on-operation pattern, with header-driven and pojoRequest variants for create/update, paging support for list/search/listMembers, and consistent missing-input validation messages. Unit tests cover happy-path mocking for all 12 operations plus missing-name / missing-id validation. The testcontainers-based KeycloakTestInfraIT exercises the full create / list / get / search / member-add / member-list / member-remove / link-idp / list-idps / unlink-idp / delete lifecycle against a real Keycloak server, and adds a dedicated cleanup step ordered before the existing IdP/realm cleanup. keycloak-component.adoc is updated with the new operations in the Supported Operations summary and a new "Organization Operations" section with end-to-end Java examples. Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
Contributor
|
🌟 Thank you for your contribution to the Apache Camel project! 🌟 🐫 Apache Camel Committers, please review the following items:
|
Add the regenerated camel-catalog and camel-endpointdsl artifacts for the new Organizations operations and headers introduced in the previous commit. CI flags these as uncommitted changes when they are not part of the PR. Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
orpiske
approved these changes
May 11, 2026
The Keycloak 26 Organizations API is a per-realm feature: even when the
server has the feature compiled in, every realm must opt in via
`organizationsEnabled=true` on its `RealmRepresentation`, otherwise the
`/admin/realms/{realm}/organizations` endpoint returns HTTP 404.
`KeycloakTestInfraIT.testCreateRealm` creates the test realm with
defaults (no organizations), so the 12 organization tests added in
CAMEL-23452 hit a 404 on `listOrganizations` / `searchOrganizations`
and produce a null `Location` header on `createOrganization`, which
cascades into `testOrgId should be set` failures across the remaining
member / IdP-link tests.
Fix:
* Add a `direct:updateRealm` route configured with `pojoRequest=true`.
* Add `testEnableOrganizationsOnRealm` ordered at @order(49), i.e. after
realm/user/role/group/client/IdP setup and immediately before the
organization tests. It sends a `RealmRepresentation` with
`organizationsEnabled=true` through the existing `updateRealm`
operation.
With this opt-in step, the full organization test lifecycle succeeds
against the testcontainers-based Keycloak 26 image used by
`camel-test-infra-keycloak`.
Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
davsclaus
approved these changes
May 11, 2026
Contributor
|
🧪 CI tested the following changed modules:
All tested modules (10 modules)
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Keycloak 26 introduced an Organizations primitive that allows realms to model multi-tenant scenarios — companies, customer accounts, etc. — with members and identity-provider links.
The Keycloak admin client
26.0.8already oncamel-keycloak's classpath exposes the Organizations API viaOrganizationsResource/OrganizationResource/OrganizationMembersResource/OrganizationIdentityProvidersResource, but none of it was surfaced as Camel operations. This change wires the full Organizations CRUD plus member and identity-provider management into the existingcamel-keycloakproducer.JIRA: https://issues.apache.org/jira/browse/CAMEL-23452
Changes
New operations on
KeycloakOperationscreateOrganizationpojoRequest=truewithOrganizationRepresentation).updateOrganizationdeleteOrganizationgetOrganizationlistOrganizationsFIRST_RESULT/MAX_RESULTSpaging).searchOrganizationsaddOrganizationMemberremoveOrganizationMemberlistOrganizationMemberslinkOrganizationIdentityProviderunlinkOrganizationIdentityProviderlistOrganizationIdentityProvidersNew headers on
KeycloakConstantsORGANIZATION_ID,ORGANIZATION_NAME,ORGANIZATION_ALIAS,ORGANIZATION_DESCRIPTION,ORGANIZATION_REDIRECT_URL,ORGANIZATION_DOMAIN,ORGANIZATION_SEARCH. Member operations re-use the existingUSER_ID, IdP-link operations re-useIDP_ALIAS, and paging operations re-useFIRST_RESULT/MAX_RESULTS.Implementation
KeycloakProducerfollows the existing switch-on-operation pattern. Every new method validates required headers (MISSING_REALM_NAME,MISSING_ORGANIZATION_ID,MISSING_ORGANIZATION_NAME,MISSING_ORGANIZATION_MEMBER_ID,MISSING_ORGANIZATION_IDP_ALIAS) and returns either the JAX-RSResponse, a representation POJO, aList<...>, or a fixed success string — matching the conventions used by existing operations.Tests
KeycloakProducerTestadds Mockito-based unit tests for all 12 operations plus missing-name / missing-id validation.KeycloakTestInfraITexercises the full lifecycle (create → list → get → search → add-member → list-members → remove-member → link-IdP → list-IdPs → unlink-IdP → cleanup) against the testcontainers-based Keycloak fromcamel-test-infra-keycloak, with a dedicated cleanup step ordered before the existing IdP/realm teardown.@Order(49)enables the Organizations feature on the test realm viaupdateRealmwithorganizationsEnabled=true. Organizations is a per-realm opt-in in Keycloak 26, so without this the/organizationsendpoint returns HTTP 404 and the lifecycle tests cannot run.Documentation
keycloak-component.adocis updated:Organization Managemententry in the Supported Operations summary.=== Organization Operationssection with end-to-end Java examples covering all 12 operations.Regenerated artifacts
A follow-up commit adds the regenerated
camel-catalogandcamel-endpointdsloutputs for the new operations and headers (CI was rightly flagging these as missing).How to test
All 91 unit tests pass locally (28 of them in
KeycloakProducerTest, including the 11 new organization tests).Notes
keycloak-admin-client26.0.8 currently on the classpath.Claude Code on behalf of Andrea Cosentino