diff --git a/dev-env/keycloak/Dockerfile b/dev-env/keycloak/Dockerfile index 3b0bc8bac..85ee15ef2 100644 --- a/dev-env/keycloak/Dockerfile +++ b/dev-env/keycloak/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/keycloak/keycloak:26.3.2 +FROM quay.io/keycloak/keycloak:26.6.4 # Add the Oracle JDBC jars ARG ORACLE_JDBC_VERSION=23.8.0.25.04 @@ -12,6 +12,7 @@ ENV KC_HEALTH_ENABLED=true COPY keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar /opt/keycloak/providers/ # Copy additional configurations +COPY keycloak.conf /opt/keycloak/conf/ COPY quarkus.properties /opt/keycloak/conf/ COPY test-realm.json /opt/keycloak/data/import/ diff --git a/dev-env/keycloak/keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar b/dev-env/keycloak/keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar index 051b8f1b3..9bd21227a 100644 Binary files a/dev-env/keycloak/keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar and b/dev-env/keycloak/keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar differ diff --git a/dev-env/keycloak/keycloak.conf b/dev-env/keycloak/keycloak.conf new file mode 100644 index 000000000..96a9fd708 --- /dev/null +++ b/dev-env/keycloak/keycloak.conf @@ -0,0 +1,2 @@ +db-kind-user-store=postgres +db-kind-user-store-qa=postgres diff --git a/dev-env/keycloak/quarkus.properties b/dev-env/keycloak/quarkus.properties index 64ce6d898..302efba14 100644 --- a/dev-env/keycloak/quarkus.properties +++ b/dev-env/keycloak/quarkus.properties @@ -13,3 +13,14 @@ quarkus.datasource.user-store.jdbc.recovery.password=${DATAVERSE_DB_PASSWORD} quarkus.datasource.user-store.jdbc.xa-properties.serverName=${DATAVERSE_DB_HOST} quarkus.datasource.user-store.jdbc.xa-properties.portNumber=${DATAVERSE_DB_PORT} quarkus.datasource.user-store.jdbc.xa-properties.databaseName=dataverse + +quarkus.datasource.user-store-qa.jdbc.url=jdbc:postgresql://${DATAVERSE_DB_HOST}:${DATAVERSE_DB_PORT}/dataverse +quarkus.datasource.user-store-qa.username=${DATAVERSE_DB_USER} +quarkus.datasource.user-store-qa.password=${DATAVERSE_DB_PASSWORD} +quarkus.datasource.user-store-qa.jdbc.driver=org.postgresql.Driver +quarkus.datasource.user-store-qa.jdbc.transactions=disabled +quarkus.datasource.user-store-qa.jdbc.recovery.username=${DATAVERSE_DB_USER} +quarkus.datasource.user-store-qa.jdbc.recovery.password=${DATAVERSE_DB_PASSWORD} +quarkus.datasource.user-store-qa.jdbc.xa-properties.serverName=${DATAVERSE_DB_HOST} +quarkus.datasource.user-store-qa.jdbc.xa-properties.portNumber=${DATAVERSE_DB_PORT} +quarkus.datasource.user-store-qa.jdbc.xa-properties.databaseName=dataverse diff --git a/dev-env/keycloak/setup-spi.sh b/dev-env/keycloak/setup-spi.sh index 5e0fa29f7..bd6924a07 100755 --- a/dev-env/keycloak/setup-spi.sh +++ b/dev-env/keycloak/setup-spi.sh @@ -27,6 +27,14 @@ ADMIN_TOKEN=$(curl -s -X POST "http://keycloak:9080/realms/master/protocol/openi -d "grant_type=password" \ -d "client_id=admin-cli" | jq -r .access_token) +EXISTING_SPI_COUNT=$(curl -s "http://keycloak:9080/admin/realms/test/components" \ + -H "Authorization: Bearer $ADMIN_TOKEN" | jq '[.[] | select(.providerId == "dv-builtin-users-authenticator" and .providerType == "org.keycloak.storage.UserStorageProvider")] | length') + +if [ "$EXISTING_SPI_COUNT" -gt 0 ]; then + echo "Keycloak SPI already configured in realm." + exit 0 +fi + # Create user storage provider using the components endpoint curl -X POST "http://keycloak:9080/admin/realms/test/components" \ -H "Authorization: Bearer $ADMIN_TOKEN" \ diff --git a/dev-env/keycloak/test-realm.json b/dev-env/keycloak/test-realm.json index 571a1e80f..ae1949a6a 100644 --- a/dev-env/keycloak/test-realm.json +++ b/dev-env/keycloak/test-realm.json @@ -842,9 +842,11 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "*" + "http://localhost:8000/modern/*" + ], + "webOrigins": [ + "http://localhost:8000" ], - "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -2396,7 +2398,7 @@ "clientSessionMaxLifespan": "0", "frontendUrl": "" }, - "keycloakVersion": "26.3.2", + "keycloakVersion": "26.6.4", "userManagedAccessAllowed": false, "organizationsEnabled": false, "verifiableCredentialsEnabled": false, @@ -2407,4 +2409,4 @@ "clientPolicies": { "policies": [] } -} \ No newline at end of file +} diff --git a/dev-env/shib-dev-env/keycloak/Dockerfile b/dev-env/shib-dev-env/keycloak/Dockerfile index 3b0bc8bac..85ee15ef2 100644 --- a/dev-env/shib-dev-env/keycloak/Dockerfile +++ b/dev-env/shib-dev-env/keycloak/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/keycloak/keycloak:26.3.2 +FROM quay.io/keycloak/keycloak:26.6.4 # Add the Oracle JDBC jars ARG ORACLE_JDBC_VERSION=23.8.0.25.04 @@ -12,6 +12,7 @@ ENV KC_HEALTH_ENABLED=true COPY keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar /opt/keycloak/providers/ # Copy additional configurations +COPY keycloak.conf /opt/keycloak/conf/ COPY quarkus.properties /opt/keycloak/conf/ COPY test-realm.json /opt/keycloak/data/import/ diff --git a/dev-env/shib-dev-env/keycloak/keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar b/dev-env/shib-dev-env/keycloak/keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar index 3aa3ba47a..9bd21227a 100644 Binary files a/dev-env/shib-dev-env/keycloak/keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar and b/dev-env/shib-dev-env/keycloak/keycloak-dv-builtin-users-authenticator-1.0-SNAPSHOT.jar differ diff --git a/dev-env/shib-dev-env/keycloak/keycloak.conf b/dev-env/shib-dev-env/keycloak/keycloak.conf new file mode 100644 index 000000000..96a9fd708 --- /dev/null +++ b/dev-env/shib-dev-env/keycloak/keycloak.conf @@ -0,0 +1,2 @@ +db-kind-user-store=postgres +db-kind-user-store-qa=postgres diff --git a/dev-env/shib-dev-env/keycloak/quarkus.properties b/dev-env/shib-dev-env/keycloak/quarkus.properties index 64ce6d898..302efba14 100644 --- a/dev-env/shib-dev-env/keycloak/quarkus.properties +++ b/dev-env/shib-dev-env/keycloak/quarkus.properties @@ -13,3 +13,14 @@ quarkus.datasource.user-store.jdbc.recovery.password=${DATAVERSE_DB_PASSWORD} quarkus.datasource.user-store.jdbc.xa-properties.serverName=${DATAVERSE_DB_HOST} quarkus.datasource.user-store.jdbc.xa-properties.portNumber=${DATAVERSE_DB_PORT} quarkus.datasource.user-store.jdbc.xa-properties.databaseName=dataverse + +quarkus.datasource.user-store-qa.jdbc.url=jdbc:postgresql://${DATAVERSE_DB_HOST}:${DATAVERSE_DB_PORT}/dataverse +quarkus.datasource.user-store-qa.username=${DATAVERSE_DB_USER} +quarkus.datasource.user-store-qa.password=${DATAVERSE_DB_PASSWORD} +quarkus.datasource.user-store-qa.jdbc.driver=org.postgresql.Driver +quarkus.datasource.user-store-qa.jdbc.transactions=disabled +quarkus.datasource.user-store-qa.jdbc.recovery.username=${DATAVERSE_DB_USER} +quarkus.datasource.user-store-qa.jdbc.recovery.password=${DATAVERSE_DB_PASSWORD} +quarkus.datasource.user-store-qa.jdbc.xa-properties.serverName=${DATAVERSE_DB_HOST} +quarkus.datasource.user-store-qa.jdbc.xa-properties.portNumber=${DATAVERSE_DB_PORT} +quarkus.datasource.user-store-qa.jdbc.xa-properties.databaseName=dataverse diff --git a/dev-env/shib-dev-env/keycloak/setup-spi.sh b/dev-env/shib-dev-env/keycloak/setup-spi.sh index 5e0fa29f7..bd6924a07 100755 --- a/dev-env/shib-dev-env/keycloak/setup-spi.sh +++ b/dev-env/shib-dev-env/keycloak/setup-spi.sh @@ -27,6 +27,14 @@ ADMIN_TOKEN=$(curl -s -X POST "http://keycloak:9080/realms/master/protocol/openi -d "grant_type=password" \ -d "client_id=admin-cli" | jq -r .access_token) +EXISTING_SPI_COUNT=$(curl -s "http://keycloak:9080/admin/realms/test/components" \ + -H "Authorization: Bearer $ADMIN_TOKEN" | jq '[.[] | select(.providerId == "dv-builtin-users-authenticator" and .providerType == "org.keycloak.storage.UserStorageProvider")] | length') + +if [ "$EXISTING_SPI_COUNT" -gt 0 ]; then + echo "Keycloak SPI already configured in realm." + exit 0 +fi + # Create user storage provider using the components endpoint curl -X POST "http://keycloak:9080/admin/realms/test/components" \ -H "Authorization: Bearer $ADMIN_TOKEN" \ diff --git a/dev-env/shib-dev-env/keycloak/test-realm.json b/dev-env/shib-dev-env/keycloak/test-realm.json index 0b53d51db..65552820e 100644 --- a/dev-env/shib-dev-env/keycloak/test-realm.json +++ b/dev-env/shib-dev-env/keycloak/test-realm.json @@ -2636,7 +2636,7 @@ "frontendUrl": "https://localhost", "acr.loa.map": "{}" }, - "keycloakVersion": "26.1.4", + "keycloakVersion": "26.6.4", "userManagedAccessAllowed": false, "organizationsEnabled": false, "verifiableCredentialsEnabled": false,