feat: kc image build debug #6

docker/keycloak/Dockerfile-26

@@ -4,7 +4,7 @@ COPY ./extensions-26 /tmp/
 WORKDIR /tmp/
 RUN mvn -B clean package --file pom.xml
 
-FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-3 as builder
+FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-5 AS builder
 
 # Enable health and metrics support
 ENV KC_HEALTH_ENABLED=true
@@ -14,20 +14,20 @@ ENV KEYCLOAK_VERSION 26.0.5
 # Configure a database vendor
 ENV KC_DB=postgres
 
-COPY --from=extensions-builder --chown=keycloak:keycloak --chmod=644 /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/
+COPY --from=extensions-builder /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/
 
 WORKDIR /opt/keycloak
 
 # copy the theme directory to `/opt/keycloak/themes/` for now, but we can consider to archive to be deployed later.
-COPY --chown=keycloak:keycloak --chmod=644 ./extensions-26/themes/src/main/resources/theme /opt/keycloak/themes
+COPY ./extensions-26/themes/src/main/resources/theme /opt/keycloak/themes
 
-COPY --chown=keycloak:keycloak --chmod=644 ./configuration/26/keycloak.conf /opt/keycloak/conf
+COPY ./configuration/26/keycloak.conf /opt/keycloak/conf
 
-COPY --chown=keycloak:keycloak --chmod=644 ./configuration/26/quarkus.properties /opt/keycloak/conf
+COPY ./configuration/26/quarkus.properties /opt/keycloak/conf
 
-COPY --chown=keycloak:keycloak --chmod=644 ./configuration/26/keycloak-default-user-profile.json /opt/keycloak/tmp
+COPY ./configuration/26/keycloak-default-user-profile.json /tmp
 
-RUN /opt/keycloak/bin/kc.sh build --verbose
+RUN /opt/keycloak/bin/kc.sh build
 
 # change these values to point to a running postgres instance
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

docker/keycloak/extensions-26/pom.xml

@@ -8,10 +8,11 @@
     <packaging>pom</packaging>
 
     <properties>
-        <maven.compiler.source>21</maven.compiler.source>
-        <maven.compiler.target>21</maven.compiler.target>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <keycloak.version>26.0.5</keycloak.version>
+        <java.version>21</java.version>
     </properties>
 
     <build>

docker/keycloak/extensions-26/services/pom.xml

@@ -41,9 +41,10 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.13.0</version>
                 <configuration>
-                    <source>21</source>
-                    <target>21</target>
+                    <source>${maven.compiler.source}</source>
+                    <target>${maven.compiler.target}</target>
                 </configuration>
             </plugin>
             <plugin>

docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/CookieStopAuthenticator.java

@@ -52,7 +52,7 @@ public void authenticate(AuthenticationFlowContext context) {
       String sessIdp = authResult.getSession().getNotes().get("identity_provider");
 
       if (authIdp != null && !authIdp.trim().isEmpty()) {
-        IdentityProviderModel idp = context.getRealm().getIdentityProviderByAlias(authIdp);
+        IdentityProviderModel idp = context.getSession().identityProviders().getByAlias(authIdp);
         Map<String, ClientScopeModel> scopes = context.getAuthenticationSession().getClient().getClientScopes(true);
 
         if (idp != null
@@ -86,16 +86,19 @@ public void authenticate(AuthenticationFlowContext context) {
   }
 
   @Override
-  public void action(AuthenticationFlowContext context) { /* This is ok */ }
+  public void action(AuthenticationFlowContext context) {
+    /* This is ok */ }
 
   @Override
   public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
     return true;
   }
 
   @Override
-  public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { /* This is ok */ }
+  public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
+    /* This is ok */ }
 
   @Override
-  public void close() { /* This is ok */ }
+  public void close() {
+    /* This is ok */ }
 }

docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/IdentityProviderStopAuthenticator.java

@@ -28,7 +28,7 @@ public class IdentityProviderStopAuthenticator implements Authenticator {
   @Override
   public void authenticate(AuthenticationFlowContext context) {
     List<IdentityProviderModel> allowedIdps = new ArrayList<>();
-    List<IdentityProviderModel> realmIdps = context.getRealm().getIdentityProvidersStream().toList();
+    List<IdentityProviderModel> realmIdps = context.getSession().identityProviders().getAllStream().toList();
     Map<String, ClientScopeModel> scopes = context.getAuthenticationSession().getClient().getClientScopes(true);
 
     for (IdentityProviderModel ridp : realmIdps) {

docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/UserSessionRemover.java

@@ -9,7 +9,6 @@
 import org.keycloak.models.AuthenticatedClientSessionModel;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.authentication.AuthenticationFlowContext;
-import org.keycloak.sessions.AuthenticationSessionModel;
 import org.keycloak.models.UserSessionModel;
 
 import java.util.Map;
@@ -26,7 +25,8 @@ public boolean requiresUser() {
   @Override
   public void authenticate(AuthenticationFlowContext context) {
     UserSessionModel userSessionModel;
-    AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(context.getSession(), context.getRealm(), true);
+    AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(context.getSession(),
+        context.getRealm(), true);
 
     // 1. If no Cookie session, proceed to next step
     if (authResult == null) {
@@ -39,8 +39,10 @@ public void authenticate(AuthenticationFlowContext context) {
     String authenticatingClientUUID = context.getSession().getContext().getClient().getId();
     UserSessionProvider userSessionProvider = context.getSession().sessions();
 
-    // Must fetch sessions from the user session model, user session provider has all session in the realm
-    Map<String, AuthenticatedClientSessionModel> authenticatedClientSessions = userSessionModel.getAuthenticatedClientSessions();
+    // Must fetch sessions from the user session model, user session provider has
+    // all session in the realm
+    Map<String, AuthenticatedClientSessionModel> authenticatedClientSessions = userSessionModel
+        .getAuthenticatedClientSessions();
 
     for (String activeSessionClientUUID : authenticatedClientSessions.keySet()) {
       if (!activeSessionClientUUID.equals(authenticatingClientUUID)) {

docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/ext/endpoints/LegacyEndpoint.java

@@ -1,8 +1,6 @@
 package com.github.bcgov.keycloak.protocol.oidc.ext.endpoints;
 
 import jakarta.ws.rs.GET;
-import org.keycloak.common.Profile;
-import org.keycloak.common.Profile.Feature;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.QueryParam;
 import jakarta.ws.rs.core.Response;

docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/mappers/IDPUserinfoMapper.java

@@ -120,12 +120,12 @@ protected void setClaim(
 
     String idp = userSession.getNotes().get("identity_provider");
     RealmModel realm = userSession.getRealm();
-    IdentityProviderModel identityProviderConfig = realm.getIdentityProviderByAlias(idp);
+    IdentityProviderModel identityProviderConfig = keycloakSession.identityProviders().getByAlias(idp);
     JsonNode userInfo;
     JWSInput jws;
 
     if (identityProviderConfig.isStoreToken()) {
-      IdentityProviderModel identityProviderModel = realm.getIdentityProviderByAlias(idp);
+      IdentityProviderModel identityProviderModel = keycloakSession.identityProviders().getByAlias(idp);
       String userInfoUrl = identityProviderModel.getConfig().get("userInfoUrl");
 
       if (userInfoUrl != null) {

docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/saml/mappers/IDPUserinfoMapper.java

@@ -139,12 +139,12 @@ public void transformAttributeStatement(AttributeStatementType attributeStatemen
       KeycloakSession keycloakSession, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
     String idp = userSession.getNotes().get("identity_provider");
     RealmModel realm = userSession.getRealm();
-    IdentityProviderModel identityProviderConfig = realm.getIdentityProviderByAlias(idp);
+    IdentityProviderModel identityProviderConfig = keycloakSession.identityProviders().getByAlias(idp);
     JsonNode userInfo;
     JWSInput jws;
 
     if (identityProviderConfig.isStoreToken()) {
-      IdentityProviderModel identityProviderModel = realm.getIdentityProviderByAlias(idp);
+      IdentityProviderModel identityProviderModel = keycloakSession.identityProviders().getByAlias(idp);
       String userInfoUrl = identityProviderModel.getConfig().get("userInfoUrl");
 
       if (userInfoUrl != null) {

docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/social/github/CustomGitHubIdentityProvider.java

@@ -77,7 +77,7 @@ protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
           throw new IdentityBrokerException("User does not belong to the target GitHub Org");
       }
 
-      JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session)
+      JsonNode profile = SimpleHttp.doGet(DEFAULT_PROFILE_URL, session)
           .header("Authorization", "Bearer " + accessToken)
           .asJson();
 
@@ -97,7 +97,7 @@ protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
 
   private String searchEmail(String accessToken) {
     try {
-      ArrayNode emails = (ArrayNode) SimpleHttp.doGet(EMAIL_URL, session)
+      ArrayNode emails = (ArrayNode) SimpleHttp.doGet(DEFAULT_EMAIL_URL, session)
           .header("Authorization", "Bearer " + accessToken)
           .asJson();
 

localdev/macs/Dockerfile

@@ -1,27 +1,28 @@
-FROM maven:3.8.5-openjdk-17-slim AS extensions-builder
+FROM maven:3.9.9-eclipse-temurin-21 AS extensions-builder
 
-COPY ./docker/keycloak/extensions-24/ /tmp/
+COPY ./docker/keycloak/extensions-26 /tmp/
 WORKDIR /tmp/
 RUN mvn -B clean package --file pom.xml -Dmaven.test.skip=true
 
 # built using https://github.com/keycloak/keycloak-containers/blob/main/server/Dockerfile
-FROM keycloak:24.0.5
+
+FROM keycloak:26.0.5
 
 ENV KC_HEALTH_ENABLED=true
 ENV KC_METRICS_ENABLED=true
 ENV KC_DB=postgres
 
 COPY --from=extensions-builder /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/
 
-# COPY ./docker/keycloak/extensions-24/themes/src/main/resources/theme /opt/keycloak/themes/
+COPY ./docker/keycloak/extensions-26/themes/src/main/resources/theme /opt/keycloak/themes/
 
-RUN /opt/keycloak/bin/kc.sh build
+RUN /opt/keycloak/bin/kc.sh build --verbose
 
 WORKDIR /opt/keycloak
 
-COPY ./docker/keycloak/configuration/24/quarkus.properties /opt/keycloak/conf
+COPY ./docker/keycloak/configuration/26/quarkus.properties /opt/keycloak/conf
 
-COPY ./docker/keycloak/configuration/24/keycloak-default-user-profile.json /tmp
+COPY ./docker/keycloak/configuration/26/keycloak-default-user-profile.json /tmp
 
 # change these values to point to a running postgres instance
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]