test update keycloak

2023-01-23 12:34:25 +00:00 · 2023-01-23 12:34:25 +00:00 · 4b9362e62b
parent f4a3d38384
commit 4b9362e62b
5 changed files with 61 additions and 21 deletions
--- a/dd-apps/docker/nextcloud/saml.sh
+++ b/dd-apps/docker/nextcloud/saml.sh
@ -7,10 +7,11 @@ if [ "${current_nc_saml}" = "{}" ] || [ "${current_nc_saml}" = "[]" ]; then
 fi
 # Gather variables
 ## When keycloak gets updated, /auth disappears
+idp_entityid_port="https://sso.${DOMAIN}:8443/auth/realms/master"
 idp_entityid="https://sso.${DOMAIN}/auth/realms/master"
-idp_sso_url="${idp_entityid}/protocol/saml"
+idp_sso_url="https://sso.${DOMAIN}/auth/realms/master/protocol/saml"
 ## This one has no PEM headers or newlines
-idp_x509cert="$(curl -s "${idp_entityid}/protocol/openid-connect/certs" | sed -E 's!.*RS256[^}]*x5c":\["([^"]+)".*!\1!')"
+idp_x509cert="$(curl -s -k "${idp_entityid_port}/protocol/openid-connect/certs" | sed -E 's!.*RS256[^}]*x5c":\["([^"]+)".*!\1!')"

 ## PEM format
 sp_x509cert="$(cat /saml/public.crt)"
--- a/2
+++ b/2
@ -546,6 +546,8 @@ setup_keycloak(){
 	export PYTHONWARNINGS='ignore:Unverified HTTPS request'
 	cd /admin/saml_scripts/ && python3 keycloak_config.py
 	EOF
+	
+#./kc.sh import --file ../import/realm.json --override true
 }

 saml_generate_certificates(){
--- a/dd-sso/docker-compose-parts/keycloak.yml
+++ b/dd-sso/docker-compose-parts/keycloak.yml
@ -26,31 +26,39 @@ services:
      args:
        - IMG=${KEYCLOAK_IMG}
    container_name: dd-sso-keycloak
+    hostname: sso.${DOMAIN}
    volumes:
      - /etc/localtime:/etc/localtime:ro
-      - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons:/opt/jboss/keycloak/imports
-      - ${BUILD_SSO_ROOT_PATH}/init/keycloak/scripts/:/opt/jboss/startup-scripts/
-      - ${CUSTOM_PATH}/custom/img:/opt/jboss/keycloak/themes/dd/login/resources/custom-img
-      - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/themes/dd-custom:/opt/jboss/keycloak/themes/dd-custom
-      - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/jboss/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
+      # - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons/realm:/opt/keycloak/data/import/
+      # - ${BUILD_SSO_ROOT_PATH}/init/keycloak/scripts/:/opt/keycloak/startup-scripts/
+      - ${CUSTOM_PATH}/custom/img:/opt/keycloak/themes/dd/login/resources/custom-img
+      - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/themes/dd-custom:/opt/keycloak/themes/dd-custom
+      # - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
    environment:
      - AVATARS_SERVER_URL=http://dd-sso-avatars:9000
      - AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
      - AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
-      - KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm.json 
-      - DB_VENDOR=POSTGRES
-      - DB_ADDR=${KEYCLOAK_DB_ADDR}
-      - DB_DATABASE=${KEYCLOAK_DB_DATABASE}
-      - DB_USER=${KEYCLOAK_DB_USER}
-      - DB_SCHEMA=public
-      - DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
-      - KEYCLOAK_USER=${KEYCLOAK_USER}
-      - KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
-      - PROXY_ADDRESS_FORWARDING=true
-      - KEYCLOAK_FRONTEND_URL=https://sso.${DOMAIN}/auth/
+      - KEYCLOAK_IMPORT=/opt/keycloak/data/import/realm.json
+      - KC_DB=postgres
+      - KC_DB_URL=jdbc:postgresql://${KEYCLOAK_DB_ADDR}:5432/${KEYCLOAK_DB_DATABASE}
+      - KC_DB_USERNAME=${KEYCLOAK_DB_USER}
+      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+      - KC_TRANSACTION_XA_ENABLED=false
+      - KC_HOSTNAME_STRICT=false
+      - KC_HTTP_ENABLED=true
+      - KC_HTTP_PORT=8080
+      - KC_HOSTNAME_STRICT_HTTPS=false
+      - KEYCLOAK_ADMIN=${KEYCLOAK_USER}
+      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}
+      # - PROXY_ADDRESS_FORWARDING=true
+      - KC_HOSTNAME_URL=https://sso.${DOMAIN}/auth/
+      - KC_HOSTNAME_ADMIN_URL=https://sso.${DOMAIN}/auth/
      - DDADMIN_USER=${DDADMIN_USER}
      - DDADMIN_PASSWORD=${DDADMIN_PASSWORD}
      - DDDOMAIN=${DOMAIN}
+      # - JAVA_OPTS_APPEND=-Dkeycloak.migration.strategy=OVERWRITE_EXISTING
+    command:
+      - start --proxy edge --hostname-strict=false --import-realm --http-relative-path=/auth
    depends_on:
      - ${KEYCLOAK_DB_ADDR}
    restart: unless-stopped
--- a/dd-sso/docker/keycloak/Dockerfile
+++ b/dd-sso/docker/keycloak/Dockerfile
@ -1,4 +1,33 @@
 ARG IMG=${KEYCLOAK_IMG}
-FROM ${IMG}
+FROM ${IMG} as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+ENV KC_HTTP_RELATIVE_PATH=/auth
+ENV KC_PROXY=edge
+# Configure a database vendor
+#ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+# for demonstration purposes only, please make sure to use proper certificates in production instead
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
+
+COPY themes/dd themes/dd
+
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM ${IMG}
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+
+# change these values to point to a running postgres instance
+#ENV KC_DB_URL=<DBURL>
+#ENV KC_DB_USERNAME=<DBUSERNAME>
+#ENV KC_DB_PASSWORD=<DBPASSWORD>
+#ENV KC_HOSTNAME=localhost
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+
+
+

-COPY themes/dd /opt/jboss/keycloak/themes/dd
--- a/dd.conf.sample
+++ b/dd.conf.sample
@ -174,7 +174,7 @@ WORDPRESS_IMG=wordpress:5.7.2-php7.4-apache
 WORDPRESS_CLI_IMG=wordpress:cli-2.5.0-php7.4

 ## KEYCLOAK
-KEYCLOAK_IMG=quay.io/keycloak/keycloak:16.1.1
+KEYCLOAK_IMG=quay.io/keycloak/keycloak:20.0.3

 ## ETHERPAD
 #ETHERPAD_IMG=node:16.13.2