feat: using community version of keycloak 24

.github/workflows/publish-image-rhbk-dev.yml

@@ -52,7 +52,7 @@ jobs:
           context: docker/keycloak
           push: true
           tags: ${{ env.GITHUB_REGISTRY }}/${{env.IMAGE_NAME}}:dev
-          file: docker/keycloak/Dockerfile-22.0.8
+          file: docker/keycloak/Dockerfile-24.0.2
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 

docker/keycloak/Dockerfile-24.0.2

@@ -0,0 +1,36 @@
+FROM maven:3.8.5-openjdk-17-slim AS extensions-builder
+
+COPY ./extensions-24.0.2 /tmp/
+WORKDIR /tmp/
+RUN mvn -B clean package --file pom.xml
+
+FROM quay.io/keycloak/keycloak:24.0.2 as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=postgres
+
+COPY --from=extensions-builder /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/
+
+WORKDIR /opt/keycloak
+# for demonstration purposes only, please make sure to use proper certificates in production instead
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:24.0.2
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+# copy the theme directory to `/opt/keycloak/themes/` for now, but we can consider to archive to be deployed later.
+COPY ./extensions-24.0.2/themes/src/main/resources/theme /opt/keycloak/themes
+
+# COPY ./configuration/cache-ispn-custom.xml /opt/keycloak/conf
+
+COPY ./configuration/keycloak.conf /opt/keycloak/conf
+
+COPY ./configuration/quarkus.properties /opt/keycloak/conf
+
+# change these values to point to a running postgres instance
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

docker/keycloak/configuration/keycloak.conf

@@ -12,7 +12,7 @@ log-console-color=false
 log-file=/var/log/eap/${HOSTNAME}.log
 
 # root-logger-level:INFO
-log-level=debug,com.arjuna:warn,io.jaegertracing.Configuration:warn,org.jboss.as.config:debug,org.keycloak.events:debug,sun.rmi:warn
+log-level=info,com.arjuna:warn,io.jaegertracing.Configuration:warn,org.jboss.as.config:debug,org.keycloak.events:debug,sun.rmi:warn
 log-console-output=json
 log-file-output=json
 

docker/keycloak/extensions-24.0.2/pom.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.github.bcgov.keycloak</groupId>
+    <artifactId>extensions-parent</artifactId>
+    <version>1.0.0</version>
+    <packaging>pom</packaging>
+
+    <properties>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <keycloak.version>22.0.0</keycloak.version>
+    </properties>
+
+    <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-jar-plugin</artifactId>
+                    <version>3.2.0</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+    </build>
+
+    <modules>
+        <module>services</module>
+        <module>themes</module>
+    </modules>
+</project>

docker/keycloak/extensions-24.0.2/services/pom.xml

@@ -0,0 +1,153 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.github.bcgov.keycloak</groupId>
+        <artifactId>extensions-parent</artifactId>
+        <version>1.0.0</version>
+    </parent>
+
+    <artifactId>bcgov-services</artifactId>
+    <packaging>jar</packaging>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>3.2.4</version>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <artifactSet>
+                                <excludes>
+                                    <exclude>classworlds:classworlds</exclude>
+                                    <exclude>junit:junit</exclude>
+                                    <exclude>jmock:*</exclude>
+                                    <exclude>*:xml-apis</exclude>
+                                    <exclude>org.apache.maven:lib:tests</exclude>
+                                </excludes>
+                            </artifactSet>
+                            <shadedArtifactAttached>false</shadedArtifactAttached>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>17</source>
+                    <target>17</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.keycloak.bom</groupId>
+                <artifactId>keycloak-spi-bom</artifactId>
+                <version>${keycloak.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-core</artifactId>
+                <version>2.14.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>2.14.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-annotations</artifactId>
+                <version>2.14.0</version>
+                <scope>provided</scope>
+            </dependency>
+
+            <!-- Tests -->
+            <dependency>
+                <groupId>junit</groupId>
+                <artifactId>junit</artifactId>
+                <version>4.13.2</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.hamcrest</groupId>
+                <artifactId>hamcrest-all</artifactId>
+                <version>1.3</version>
+                <scope>test</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-saml-core-public</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-spi</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-spi-private</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-model-infinispan</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-services</artifactId>
+            <version>${keycloak.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+         <!-- Test -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-all</artifactId>
+            <version>1.9.5</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-all</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>

docker/keycloak/extensions-24.0.2/services/src/main/java/com/github/bcgov/keycloak/authenticators/BrokeredIdentityContext.java

@@ -0,0 +1,14 @@
+package com.github.bcgov.keycloak.authenticators;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class BrokeredIdentityContext {
+  @JsonProperty("identityProviderId")
+  protected String identityProviderId;
+
+  public String getIdentityProviderId() {
+    return identityProviderId;
+  }
+}

docker/keycloak/extensions-24.0.2/services/src/main/java/com/github/bcgov/keycloak/authenticators/ClientLoginAuthenticator.java

@@ -0,0 +1,67 @@
+package com.github.bcgov.keycloak.authenticators;
+
+import org.keycloak.authentication.AuthenticationFlowContext;
+import org.keycloak.authentication.Authenticator;
+import org.keycloak.models.*;
+import org.keycloak.sessions.AuthenticationSessionModel;
+
+import java.util.Objects;
+import java.util.Optional;
+
+/** @author <a href="mailto:[email protected]">Junmin Ahn</a> */
+public class ClientLoginAuthenticator implements Authenticator {
+
+  private static final String DEFAULT_CLIENT_MEMBER_ROLE = "member";
+
+  @Override
+  public void authenticate(AuthenticationFlowContext context) {
+    AuthenticatorConfigModel config = context.getAuthenticatorConfig();
+
+    String mrole = DEFAULT_CLIENT_MEMBER_ROLE;
+    if (config != null
+        && config.getConfig() != null
+        && config.getConfig().containsKey(ClientLoginAuthenticatorFactory.MEMBER_ROLE_NAME)) {
+      mrole = config.getConfig().get(ClientLoginAuthenticatorFactory.MEMBER_ROLE_NAME);
+    }
+
+    final String clientMemberRole = mrole;
+
+    AuthenticationSessionModel session = context.getAuthenticationSession();
+    ClientModel client = session.getClient();
+    UserModel user = session.getAuthenticatedUser();
+    RoleModel memberRole = client.getRole(clientMemberRole);
+    if (memberRole == null) {
+      memberRole = client.addRole(clientMemberRole);
+    }
+
+    Optional<RoleModel> assignedMemberRole =
+        user.getClientRoleMappingsStream(client)
+            .filter(role -> Objects.equals(clientMemberRole, role.getName()))
+            .findFirst();
+
+    if (!assignedMemberRole.isPresent()) {
+      user.grantRole(memberRole);
+    }
+
+    context.success();
+  }
+
+  @Override
+  public void action(AuthenticationFlowContext context) { /* This is ok */ }
+
+  @Override
+  public boolean requiresUser() {
+    return false;
+  }
+
+  @Override
+  public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
+    return true;
+  }
+
+  @Override
+  public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { /* This is ok */ }
+
+  @Override
+  public void close() { /* This is ok */ }
+}