[ACS-8862] Bump Keycloak to 25.0.6 (#171)

Co-authored-by: Domenico Sibilio <[email protected]>

.github/workflows/ci.yml

@@ -175,7 +175,7 @@ jobs:
             --set keycloakx.command[1]="start" \
             --set keycloakx.command[2]="--import-realm" \
             --set keycloakx.command[3]="--http-relative-path=/auth" \
-            --set keycloakx.command[4]="--hostname=${HOST}" \
+            --set keycloakx.command[4]="--hostname=https://${HOST}/auth" \
             --set keycloakx.imagePullSecrets[0].name="regcred" \
             --wait
 

README.md

@@ -8,7 +8,7 @@
 *Keycloak* is a central component responsible for identity-related capabilities needed by other Alfresco software, such as managing users, groups, roles, profiles, and authentication. Currently it deals just with authentication. This project contains the open-source core of this service.
 
 For installing Keycloak you can choose either a sample Kubernetes distribution or a sample standalone distribution. Both methods are described in the following sections.
-For upgrading, it is recommended to follow the official [Keycloak upgrading guide](https://www.keycloak.org/docs/24.0.3/upgrading/).
+For upgrading, it is recommended to follow the official [Keycloak upgrading guide](https://www.keycloak.org/docs/25.0.6/upgrading/).
 
 Check the [Kubernetes deployment prerequisites](https://github.com/Alfresco/alfresco-dbp-deployment/blob/master/README-prerequisite.md) and [standalone prerequisites](#prerequisites) before you start.
 
@@ -65,7 +65,7 @@ http://<IP_ADDRESS>:8080/auth/admin/alfresco/console/
 
 #### Modifying the valid redirect URIs
 
-**Note**: for security reasons, the redirect URIs should be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/24.0.3/securing_apps/#redirect-uris).
+**Note**: for security reasons, the redirect URIs should be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/25.0.6/securing_apps/#redirect-uris).
 
   1. After logging in to the Alfresco realm follow the left side menu and choose clients.
   2. Choose the Alfresco client from the client list.
@@ -146,7 +146,7 @@ The above steps will deploy _Keycloak_ with the **default example realm applied*
 
 #### Changing Alfresco Client redirectUris
 
-**Note**: for security reasons, the redirect URIs should be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/24.0.3/securing_apps/#redirect-uris).
+**Note**: for security reasons, the redirect URIs should be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/25.0.6/securing_apps/#redirect-uris).
 
 You can override the default redirectUri of `http://localhost*` for your environment with the `realm.alfresco.client.redirectUris` property:
 
@@ -201,7 +201,7 @@ For added resilience, we rely on support in the Keycloak chart for specifying mu
 In addition, for high availability, Keycloak supports clustering. For more information on how to configure high availability and clustering, you can consult this additional documentation.  
 
 
-[Keycloak-X chart Readme](https://github.com/codecentric/helm-charts/blob/keycloakx-2.2.1/charts/keycloakx/README.md#high-availability-and-clustering)
+[Keycloak-X chart Readme](https://github.com/codecentric/helm-charts/blob/keycloakx-2.5.1/charts/keycloakx/README.md#high-availability-and-clustering)
 
 
 [Configuring Keycloak for production](https://www.keycloak.org/server/configuration-production)
@@ -256,21 +256,21 @@ helm install $RELEASENAME helm/alfresco-keycloak --devel \
 
 For further details see [Setting a Custom Realm](https://github.com/codecentric/helm-charts/tree/keycloak-18.0.0/charts/keycloak#setting-a-custom-realm).
 
-Once Keycloak is up and running, login to the [Management Console](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#using-the-admin-console) to configure the required realm.
+Once Keycloak is up and running, login to the [Management Console](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#using-the-admin-console) to configure the required realm.
 
 #### Manually
 
-1. [Add a realm](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#proc-creating-a-realm_server_administration_guide) named "Alfresco"
+1. [Add a realm](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#proc-creating-a-realm_server_administration_guide) named "Alfresco"
 
-2. [Create an OIDC client](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#_oidc_clients) named "alfresco" within the Alfresco realm
+2. [Create an OIDC client](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#_oidc_clients) named "alfresco" within the Alfresco realm
 
-3. [Create a group](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#proc-managing-groups_server_administration_guide) named "admin"
+3. [Create a group](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#proc-managing-groups_server_administration_guide) named "admin"
 
-4. [Add a new user](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#proc-creating-user_server_administration_guide) with a username of "testuser", email of "[email protected]" and first and last name of "test"
+4. [Add a new user](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#proc-creating-user_server_administration_guide) with a username of "testuser", email of "[email protected]" and first and last name of "test"
 
 #### Using the Sample Realm File
 
-1. Go to the [Add Realm](https://www.keycloak.org/docs/24.0.3/server_admin/index.html#proc-creating-a-realm_server_administration_guide) page and click the "Select File" button next to the **Import** label.
+1. Go to the [Add Realm](https://www.keycloak.org/docs/25.0.6/server_admin/index.html#proc-creating-a-realm_server_administration_guide) page and click the "Select File" button next to the **Import** label.
 
 2. Choose the [sample realm](./alfresco-realm.json) file and click the "Create" button.
 

distribution/build.properties

@@ -1,2 +1,2 @@
-KEYCLOAK_VERSION=24.0.3
+KEYCLOAK_VERSION=25.0.6
 THEME_VERSION=0.3.5

helm/alfresco-keycloak/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: alfresco-keycloak
 version: 1.0.0
-appVersion: 24.0.3
+appVersion: 25.0.6
 description: This is just a sample Helm installation of raw Keycloak with the Alfresco Realm and Theme pre-installed.
 keywords:
   - alfresco
@@ -13,7 +13,7 @@ maintainers:
   - name: Alfresco
 dependencies:
   - name: keycloakx
-    version: 2.2.1
+    version: 2.5.1
     repository: https://codecentric.github.io/helm-charts
   - name: common
     version: 1.11.3

helm/alfresco-keycloak/README.md

@@ -1,6 +1,6 @@
 # alfresco-keycloak
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 24.0.3](https://img.shields.io/badge/AppVersion-24.0.3-informational?style=flat-square)
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square)
 
 This is just a sample Helm installation of raw Keycloak with the Alfresco Realm and Theme pre-installed.
 
@@ -22,7 +22,7 @@ This is just a sample Helm installation of raw Keycloak with the Alfresco Realm
 |------------|------|---------|
 | https://charts.bitnami.com/bitnami | common | 1.11.3 |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
-| https://codecentric.github.io/helm-charts | keycloakx | 2.2.1 |
+| https://codecentric.github.io/helm-charts | keycloakx | 2.5.1 |
 
 ## Values
 
@@ -44,12 +44,12 @@ This is just a sample Helm installation of raw Keycloak with the Alfresco Realm
 | keycloakx.extraInitContainers | string | `"- name: theme-provider\n  image: busybox:1.36\n  imagePullPolicy: IfNotPresent\n  command:\n    - sh\n  args:\n    - -c\n    - |\n      THEME_VERSION=0.3.5\n      wget https://github.com/Alfresco/alfresco-keycloak-theme/releases/download/${THEME_VERSION}/alfresco-keycloak-theme-${THEME_VERSION}.zip -O /alfresco.zip\n      unzip alfresco.zip\n      mv alfresco/* /theme/\n  volumeMounts:\n    - name: theme\n      mountPath: /theme\n"` |  |
 | keycloakx.extraVolumeMounts | string | `"- name: realm-secret\n  mountPath: \"/opt/keycloak/data/import/\"\n  readOnly: true\n- name: theme\n  mountPath: \"/opt/keycloak/themes/alfresco\"\n  readOnly: true\n"` |  |
 | keycloakx.extraVolumes | string | `"- name: realm-secret\n  secret:\n    secretName: realm-secret\n- name: theme\n  emptyDir: {}\n"` |  |
-| keycloakx.image.tag | string | `"24.0.3"` |  |
+| keycloakx.image.tag | string | `"25.0.6"` |  |
 | keycloakx.imagePullSecrets[0].name | string | `"quay-registry-secret"` |  |
 | keycloakx.rbac.create | bool | `false` |  |
 | keycloakx.service.httpPort | int | `80` |  |
 | keycloakx.serviceAccount.create | bool | `true` |  |
-| postgresql.enabled | bool | `false` | Flag introduced for testing purposes, to actually run this with postgresql follow the approach explained [here](https://github.com/codecentric/helm-charts/blob/keycloakx-2.2.1/charts/keycloakx/examples/postgresql/readme.md). |
+| postgresql.enabled | bool | `false` | Flag introduced for testing purposes, to actually run this with postgresql follow the approach explained [here](https://github.com/codecentric/helm-charts/blob/keycloakx-2.5.1/charts/keycloakx/examples/postgresql/readme.md). |
 | realm.alfresco.adminPassword | string | `"admin"` |  |
 | realm.alfresco.client.redirectUris | list | `["*"]` | For security reasons, override the default value and use URIs to be as specific as possible. [See Keycloak official documentation](https://www.keycloak.org/docs/latest/securing_apps/#redirect-uris). |
 | realm.alfresco.client.webOrigins[0] | string | `"http://localhost*"` |  |

helm/alfresco-keycloak/alfresco-realm.json

@@ -2613,7 +2613,7 @@
     "clientOfflineSessionIdleTimeout": "0",
     "cibaInterval": "5"
   },
-  "users": [ 
+  "users": [
     {
       "id": "60a9b6c5-64ef-405f-8c6f-66bd8cd3878a",
       "createdTimestamp": 1533234734911,
@@ -2633,8 +2633,8 @@
           "value" : "{{ .Values.realm.alfresco.adminPassword}}"
         }
       ],
-      "disableableCredentialTypes": [ 
-        "password" 
+      "disableableCredentialTypes": [
+        "password"
       ],
       "requiredActions": [],
       "realmRoles": [
@@ -2646,31 +2646,31 @@
       ,
       {{ . | toJson }}
       {{- end }}
-      {{- end }} 
+      {{- end }}
       ],
       "clientRoles": {
-        "realm-management": [ 
-          "view-clients", 
-          "manage-users", 
-          "manage-clients", 
-          "view-users", 
-          "manage-realm", 
-          "view-realm" 
+        "realm-management": [
+          "view-clients",
+          "manage-users",
+          "manage-clients",
+          "view-users",
+          "manage-realm",
+          "view-realm"
         ],
-        "account": [ 
-          "manage-account", 
-          "view-profile" 
+        "account": [
+          "manage-account",
+          "view-profile"
         ]
       },
-      "groups": [ 
-        "/admin" 
+      "groups": [
+        "/admin"
       ]
     } {{- if .Values.realm.alfresco.extraUsers -}}
     {{- range .Values.realm.alfresco.extraUsers -}}
     , {{ . | toJson }}
     {{- end }}
     {{- end }}
   ],
-  "keycloakVersion": "24.0.3",
+  "keycloakVersion": "25.0.6",
   "userManagedAccessAllowed": false
 }

helm/alfresco-keycloak/values.yaml

@@ -67,7 +67,7 @@ keycloakx:
   rbac:
     create: false
   image:
-    tag: 24.0.3
+    tag: 25.0.6
   imagePullSecrets:
     - name: quay-registry-secret
   serviceAccount:
@@ -115,5 +115,5 @@ keycloakx:
           mountPath: /theme
 
 postgresql:
-  # -- Flag introduced for testing purposes, to actually run this with postgresql follow the approach explained [here](https://github.com/codecentric/helm-charts/blob/keycloakx-2.2.1/charts/keycloakx/examples/postgresql/readme.md).
+  # -- Flag introduced for testing purposes, to actually run this with postgresql follow the approach explained [here](https://github.com/codecentric/helm-charts/blob/keycloakx-2.5.1/charts/keycloakx/examples/postgresql/readme.md).
   enabled: false

test/saml/pom.xml

@@ -23,7 +23,7 @@
     <maven-compiler-plugin>3.8.0</maven-compiler-plugin>
     <maven-surefire-plugin.version>2.21.0</maven-surefire-plugin.version>
     <maven-dependency-plugin.version>3.1.2</maven-dependency-plugin.version>
-    <!-- IDS version where to test the upgrade scenario to the version defined in the build.properties file. E.g. upgrade IDS 1.8.0 to Keycloak 24.0.3 -->
+    <!-- IDS version where to test the upgrade scenario to the version defined in the build.properties file. E.g. upgrade IDS 1.8.0 to Keycloak 25.0.6 -->
     <identity-service-from.version>1.8.0.1</identity-service-from.version>
   </properties>
 

test/scripts/set_idp_config.sh

@@ -36,7 +36,7 @@ while [ "$PODS_COUNTER" -lt "$PODS_COUNTER_MAX" ]; do
     continue
 done
 if [ "$PODS_COUNTER" -ge "$PODS_COUNTER_MAX" ]; then
-    log_info "AIS did not started properly - exit"
+    log_info "AIS did not start properly - exit"
     exit 1
 fi