Update Keycloak to 24.0.4

This update sets verify-profile required to true so we need to provide firstname, lastname and email for each user. Otherwise the user is forced to enter them during first login. Machine login is for those users not possible as long verify-profile is not happy
cryptomator · May 24, 2024 · bc9ab13 · bc9ab13
1 parent 52bb5ab
commit bc9ab13
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
@@ -33,7 +33,7 @@ hub.keycloak.oidc.cryptomator-client-id=cryptomator
 %dev.quarkus.keycloak.devservices.start-command=start-dev
 %dev.quarkus.keycloak.devservices.port=8180
 %dev.quarkus.keycloak.devservices.service-name=quarkus-cryptomator-hub
-%dev.quarkus.keycloak.devservices.image-name=ghcr.io/cryptomator/keycloak:23.0.7
+%dev.quarkus.keycloak.devservices.image-name=ghcr.io/cryptomator/keycloak:24.0.4
 %dev.quarkus.oidc.devui.grant.type=code
 # OIDC will be mocked during unit tests. Use fake auth url to prevent dev services to start:
 %test.quarkus.oidc.auth-server-url=http://localhost:43210/dev/null

diff --git a/backend/src/main/resources/dev-realm.json b/backend/src/main/resources/dev-realm.json
@@ -49,6 +49,8 @@
   "users": [
     {
       "username": "admin",
+      "firstName": "admin",
+      "lastName": "admin",
       "email": "admin@localhost",
       "enabled": true,
       "attributes": {
@@ -66,39 +68,56 @@
     },
     {
       "username": "alice",
+      "firstName": "alice",
+      "lastName": "alice",
+      "email": "alice@localhost",
       "enabled": true,
       "credentials": [{"type": "password", "value": "asd"}],
       "realmRoles": ["user"]
     },
     {
       "username": "bob",
+      "firstName": "bob",
+      "lastName": "bob",
+      "email": "bob@localhost",
       "enabled": true,
       "credentials": [{"type": "password", "value": "asd"}],
       "realmRoles": ["user"]
     },
     {
       "username": "carol",
+      "firstName": "carol",
+      "lastName": "carol",
+      "email": "carol@localhost",
       "enabled": true,
       "credentials": [{"type": "password", "value": "asd"}],
       "realmRoles": ["user"],
       "groups" : [ "/groupies" ]
     },
     {
       "username": "dave",
+      "firstName": "dave",
+      "lastName": "dave",
+      "email": "dave@localhost",
       "enabled": true,
       "credentials": [{"type": "password", "value": "asd"}],
       "realmRoles": ["user"],
       "groups" : [ "/groupies" ]
     },
     {
       "username": "erin",
+      "firstName": "erin",
+      "lastName": "erin",
+      "email": "erin@localhost",
       "enabled": true,
       "credentials": [{"type": "password", "value": "asd"}],
       "realmRoles": ["user"],
       "groups" : [ "/groupies" ]
     },
     {
       "username": "syncer",
+      "firstName": "syncer",
+      "lastName": "syncer",
       "email": "syncer@localhost",
       "enabled": true,
       "attributes": {
@@ -227,4 +246,4 @@
   "browserSecurityHeaders": {
     "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self' http://localhost:*; object-src 'none';"
   }
-}
+}
diff --git a/keycloak/Dockerfile b/keycloak/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/keycloak/keycloak:23.0.7 as builder
+FROM quay.io/keycloak/keycloak:24.0.4 as builder
 ENV KC_HEALTH_ENABLED=true
 ENV KC_METRICS_ENABLED=true
 ENV KC_HTTP_RELATIVE_PATH=/kc
@@ -11,7 +11,7 @@ FROM registry.access.redhat.com/ubi9 AS ubi-micro-build
 RUN mkdir -p /mnt/rootfs
 RUN dnf install --installroot /mnt/rootfs curl --releasever 9 --setopt install_weak_deps=false --nodocs -y; dnf --installroot /mnt/rootfs clean all
 
-FROM quay.io/keycloak/keycloak:23.0.7
+FROM quay.io/keycloak/keycloak:24.0.4
 LABEL maintainer="info@skymatic.de"
 COPY --from=builder /opt/keycloak/ /opt/keycloak/
 COPY --from=ubi-micro-build /mnt/rootfs /