feat: rm legacy logout switch and update cache settings

bcgov · Apr 10, 2024 · d38290b · d38290b
1 parent 2306374
commit d38290b
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 16 deletions.
diff --git a/docker/keycloak/configuration/cache-ispn.xml b/docker/keycloak/configuration/cache-ispn.xml
@@ -82,4 +82,57 @@
             <memory max-count="-1"/>
         </distributed-cache>
     </cache-container>
+    <cache-container name="ejb" default-cache="repl" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
+        <transport lock-timeout="60000" />
+        <replicated-cache name="repl">
+            <locking isolation="REPEATABLE_READ" />
+            <transaction mode="BATCH" />
+            <heap-memory size="10000" />
+            <file-store />
+        </replicated-cache>
+        <distributed-cache name="dist">
+            <locking isolation="REPEATABLE_READ" />
+            <transaction mode="BATCH" />
+            <file-store />
+        </distributed-cache>
+    </cache-container>
+    <cache-container name="server" default-cache="default" aliases="singleton cluster" modules="org.wildfly.clustering.server">
+        <transport lock-timeout="60000" />
+        <replicated-cache name="default">
+            <transaction mode="BATCH" />
+        </replicated-cache>
+    </cache-container>
+    <cache-container name="web" default-cache="repl" modules="org.wildfly.clustering.web.infinispan">
+        <transport lock-timeout="60000" />
+        <replicated-cache name="repl">
+            <locking isolation="REPEATABLE_READ" />
+            <transaction mode="BATCH" />
+            <file-store />
+        </replicated-cache>
+        <replicated-cache name="sso">
+            <locking isolation="REPEATABLE_READ" />
+            <transaction mode="BATCH" />
+        </replicated-cache>
+        <replicated-cache name="routing" />
+        <distributed-cache name="dist">
+            <locking isolation="REPEATABLE_READ" />
+            <transaction mode="BATCH" />
+            <file-store />
+        </distributed-cache>
+    </cache-container>
+    <cache-container name="hibernate" default-cache="local-query" modules="org.infinispan.hibernate-cache">
+        <transport lock-timeout="60000" />
+        <local-cache name="local-query">
+            <heap-memory size="10000" />
+            <expiration max-idle="100000" />
+        </local-cache>
+        <local-cache name="pending-puts">
+            <expiration max-idle="60000" />
+        </local-cache>
+        <invalidation-cache name="entity">
+            <heap-memory size="10000" />
+            <expiration max-idle="100000" />
+        </invalidation-cache>
+        <replicated-cache name="timestamps" />
+    </cache-container>
 </infinispan>
diff --git a/...ces/src/main/java/com/github/bcgov/keycloak/broker/oidc/OverrideOIDCIdentityProvider.java b/...ces/src/main/java/com/github/bcgov/keycloak/broker/oidc/OverrideOIDCIdentityProvider.java
@@ -38,25 +38,27 @@ public Response keycloakInitiatedBrowserLogout(
     }
 
     String sessionId = userSession.getId();
-    UriBuilder logoutUri =
-        UriBuilder.fromUri(getConfig().getLogoutUrl()).queryParam("state", sessionId);
-    String redirect =
-        RealmsResource.brokerUrl(uriInfo)
-            .path(IdentityBrokerService.class, "getEndpoint")
-            .path(OIDCEndpoint.class, "logoutResponse")
-            .build(realm.getName(), getConfig().getAlias())
-            .toString();
+    UriBuilder logoutUri = UriBuilder.fromUri(getConfig().getLogoutUrl()).queryParam("state", sessionId);
+    String redirect = RealmsResource.brokerUrl(uriInfo)
+        .path(IdentityBrokerService.class, "getEndpoint")
+        .path(OIDCEndpoint.class, "logoutResponse")
+        .build(realm.getName(), getConfig().getAlias())
+        .toString();
 
     if (idToken != null) {
       logoutUri.queryParam("id_token_hint", idToken);
       logoutUri.queryParam("post_logout_redirect_uri", redirect);
     } else {
-      if (!isLegacyLogoutRedirectUriSupported()) {
-        logger.warn("no id_token found and legacy logout redirect uri not supported: " + redirect);
-        return null;
-      }
+      // commented out as custom UI fields are not supported in KC22
+      // if (!isLegacyLogoutRedirectUriSupported()) {
+      // logger.warn("no id_token found and legacy logout redirect uri not supported:
+      // " + redirect);
+      // return null;
+      // }
+      // logger.warn("no id_token found; use legacy redirect_uri query param: " +
+      // redirect);
 
-      logger.warn("no id_token found; use legacy redirect_uri query param: " + redirect);
+      // if id token is expired or not available then use redirect_uri
       logoutUri.queryParam("redirect_uri", redirect);
     }
 
@@ -82,7 +84,9 @@ private String getIDTokenForLogout(KeycloakSession session, UserSessionModel use
     }
   }
 
-  public boolean isLegacyLogoutRedirectUriSupported() {
-    return Boolean.valueOf(getConfig().getConfig().get("legacyLogoutRedirectUriSupported"));
-  }
+  // commented out as custom UI fields are not supported in KC22
+  // public boolean isLegacyLogoutRedirectUriSupported() {
+  // return
+  // Boolean.valueOf(getConfig().getConfig().get("legacyLogoutRedirectUriSupported"));
+  // }
 }