test update keycloak

2023-01-23 12:34:25 +00:00 · 2023-01-23 12:34:25 +00:00 · 4b9362e62b
parent f4a3d38384
commit 4b9362e62b
5 changed files with 61 additions and 21 deletions
--- a/dd-apps/docker/nextcloud/saml.sh
+++ b/dd-apps/docker/nextcloud/saml.sh
@ -7,10 +7,11 @@ if [ "${current_nc_saml}" = "{}" ] || [ "${current_nc_saml}" = "[]" ]; then
 fi
 # Gather variables
 ## When keycloak gets updated, /auth disappears
 idp_entityid_port="https://sso.${DOMAIN}:8443/auth/realms/master"
 idp_entityid="https://sso.${DOMAIN}/auth/realms/master"
-idp_sso_url="${idp_entityid}/protocol/saml"
+idp_sso_url="https://sso.${DOMAIN}/auth/realms/master/protocol/saml"
 ## This one has no PEM headers or newlines
-idp_x509cert="$(curl -s "${idp_entityid}/protocol/openid-connect/certs" | sed -E 's!.*RS256[^}]*x5c":\["([^"]+)".*!\1!')"
+idp_x509cert="$(curl -s -k "${idp_entityid_port}/protocol/openid-connect/certs" | sed -E 's!.*RS256[^}]*x5c":\["([^"]+)".*!\1!')"
 ## PEM format
 sp_x509cert="$(cat /saml/public.crt)"
--- a/2
+++ b/2
@ -546,6 +546,8 @@ setup_keycloak(){
 	export PYTHONWARNINGS='ignore:Unverified HTTPS request'
 	cd /admin/saml_scripts/ && python3 keycloak_config.py
 	EOF
 #./kc.sh import --file ../import/realm.json --override true
 }
 saml_generate_certificates(){
--- a/dd-sso/docker-compose-parts/keycloak.yml
+++ b/dd-sso/docker-compose-parts/keycloak.yml
@ -26,31 +26,39 @@ services:
      args:
        - IMG=${KEYCLOAK_IMG}
    container_name: dd-sso-keycloak
    hostname: sso.${DOMAIN}
    volumes:
      - /etc/localtime:/etc/localtime:ro
-      - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons:/opt/jboss/keycloak/imports
+      # - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons/realm:/opt/keycloak/data/import/
-      - ${BUILD_SSO_ROOT_PATH}/init/keycloak/scripts/:/opt/jboss/startup-scripts/
+      # - ${BUILD_SSO_ROOT_PATH}/init/keycloak/scripts/:/opt/keycloak/startup-scripts/
-      - ${CUSTOM_PATH}/custom/img:/opt/jboss/keycloak/themes/dd/login/resources/custom-img
+      - ${CUSTOM_PATH}/custom/img:/opt/keycloak/themes/dd/login/resources/custom-img
-      - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/themes/dd-custom:/opt/jboss/keycloak/themes/dd-custom
+      - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/themes/dd-custom:/opt/keycloak/themes/dd-custom
-      - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/jboss/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
+      # - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
    environment:
      - AVATARS_SERVER_URL=http://dd-sso-avatars:9000
      - AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
      - AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
-      - KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm.json 
+      - KEYCLOAK_IMPORT=/opt/keycloak/data/import/realm.json
-      - DB_VENDOR=POSTGRES
+      - KC_DB=postgres
-      - DB_ADDR=${KEYCLOAK_DB_ADDR}
+      - KC_DB_URL=jdbc:postgresql://${KEYCLOAK_DB_ADDR}:5432/${KEYCLOAK_DB_DATABASE}
-      - DB_DATABASE=${KEYCLOAK_DB_DATABASE}
+      - KC_DB_USERNAME=${KEYCLOAK_DB_USER}
-      - DB_USER=${KEYCLOAK_DB_USER}
+      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
-      - DB_SCHEMA=public
+      - KC_TRANSACTION_XA_ENABLED=false
-      - DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+      - KC_HOSTNAME_STRICT=false
-      - KEYCLOAK_USER=${KEYCLOAK_USER}
+      - KC_HTTP_ENABLED=true
-      - KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
+      - KC_HTTP_PORT=8080
-      - PROXY_ADDRESS_FORWARDING=true
+      - KC_HOSTNAME_STRICT_HTTPS=false
-      - KEYCLOAK_FRONTEND_URL=https://sso.${DOMAIN}/auth/
+      - KEYCLOAK_ADMIN=${KEYCLOAK_USER}
      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}
      # - PROXY_ADDRESS_FORWARDING=true
      - KC_HOSTNAME_URL=https://sso.${DOMAIN}/auth/
      - KC_HOSTNAME_ADMIN_URL=https://sso.${DOMAIN}/auth/
      - DDADMIN_USER=${DDADMIN_USER}
      - DDADMIN_PASSWORD=${DDADMIN_PASSWORD}
      - DDDOMAIN=${DOMAIN}
      # - JAVA_OPTS_APPEND=-Dkeycloak.migration.strategy=OVERWRITE_EXISTING
    command:
      - start --proxy edge --hostname-strict=false --import-realm --http-relative-path=/auth
    depends_on:
      - ${KEYCLOAK_DB_ADDR}
    restart: unless-stopped
--- a/dd-sso/docker/keycloak/Dockerfile
+++ b/dd-sso/docker/keycloak/Dockerfile
@ -1,4 +1,33 @@
 ARG IMG=${KEYCLOAK_IMG}
-FROM ${IMG}
+FROM ${IMG} as builder
 # Enable health and metrics support
 ENV KC_HEALTH_ENABLED=true
 ENV KC_METRICS_ENABLED=true
 ENV KC_HTTP_RELATIVE_PATH=/auth
 ENV KC_PROXY=edge
 # Configure a database vendor
 #ENV KC_DB=postgres
 WORKDIR /opt/keycloak
 # for demonstration purposes only, please make sure to use proper certificates in production instead
 RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
 COPY themes/dd themes/dd
 RUN /opt/keycloak/bin/kc.sh build
 FROM ${IMG}
 COPY --from=builder /opt/keycloak/ /opt/keycloak/
 # change these values to point to a running postgres instance
 #ENV KC_DB_URL=<DBURL>
 #ENV KC_DB_USERNAME=<DBUSERNAME>
 #ENV KC_DB_PASSWORD=<DBPASSWORD>
 #ENV KC_HOSTNAME=localhost
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
 COPY themes/dd /opt/jboss/keycloak/themes/dd
--- a/dd.conf.sample
+++ b/dd.conf.sample
@ -174,7 +174,7 @@ WORDPRESS_IMG=wordpress:5.7.2-php7.4-apache
 WORDPRESS_CLI_IMG=wordpress:cli-2.5.0-php7.4
 ## KEYCLOAK
-KEYCLOAK_IMG=quay.io/keycloak/keycloak:16.1.1
+KEYCLOAK_IMG=quay.io/keycloak/keycloak:20.0.3
 ## ETHERPAD
 #ETHERPAD_IMG=node:16.13.2