diff --git a/docker/keycloak/Dockerfile-26 b/docker/keycloak/Dockerfile-26 index 6ec5a39e..ec766126 100644 --- a/docker/keycloak/Dockerfile-26 +++ b/docker/keycloak/Dockerfile-26 @@ -4,7 +4,7 @@ COPY ./extensions-26 /tmp/ WORKDIR /tmp/ RUN mvn -B clean package --file pom.xml -FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-3 as builder +FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-5 AS builder # Enable health and metrics support ENV KC_HEALTH_ENABLED=true @@ -14,20 +14,20 @@ ENV KEYCLOAK_VERSION 26.0.5 # Configure a database vendor ENV KC_DB=postgres -COPY --from=extensions-builder --chown=keycloak:keycloak --chmod=644 /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/ +COPY --from=extensions-builder /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/ WORKDIR /opt/keycloak # copy the theme directory to `/opt/keycloak/themes/` for now, but we can consider to archive to be deployed later. -COPY --chown=keycloak:keycloak --chmod=644 ./extensions-26/themes/src/main/resources/theme /opt/keycloak/themes +COPY ./extensions-26/themes/src/main/resources/theme /opt/keycloak/themes -COPY --chown=keycloak:keycloak --chmod=644 ./configuration/26/keycloak.conf /opt/keycloak/conf +COPY ./configuration/26/keycloak.conf /opt/keycloak/conf -COPY --chown=keycloak:keycloak --chmod=644 ./configuration/26/quarkus.properties /opt/keycloak/conf +COPY ./configuration/26/quarkus.properties /opt/keycloak/conf -COPY --chown=keycloak:keycloak --chmod=644 ./configuration/26/keycloak-default-user-profile.json /opt/keycloak/tmp +COPY ./configuration/26/keycloak-default-user-profile.json /tmp -RUN /opt/keycloak/bin/kc.sh build --verbose +RUN /opt/keycloak/bin/kc.sh build # change these values to point to a running postgres instance ENTRYPOINT ["/opt/keycloak/bin/kc.sh"] diff --git a/docker/keycloak/extensions-26/pom.xml b/docker/keycloak/extensions-26/pom.xml index 695a90ef..a77c2e74 100644 --- a/docker/keycloak/extensions-26/pom.xml 
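Review bot: The five COPY lines in the second Dockerfile-26 hunk no longer set ownership or mode, so the provider jar, the theme tree and the files under /opt/keycloak/conf are written as root with whatever mode bits the build context or the extensions-builder stage carried. Root ownership is a reasonable hardening choice, because the runtime user can then not rewrite the provider jar or keycloak.conf, but inherited modes are not reproducible: a checkout made under a restrictive umask can yield files the server user cannot read, and a permissive one can leave them group- or world-writable. Pinning the mode on the single-file copies, e.g. `COPY --chmod=0644 ./configuration/26/keycloak.conf /opt/keycloak/conf`, and adding a comment such as `# files are intentionally root-owned and read-only for the keycloak user` would make the intent explicit; the theme directory needs directory-appropriate bits rather than 644. The same hunk moves keycloak-default-user-profile.json from /opt/keycloak/tmp to /tmp, and whatever reads that file is outside this diff, so confirm it looks at the new path.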
+++ b/docker/keycloak/extensions-26/pom.xml @@ -8,10 +8,11 @@ pom - 21 - 21 + 1.8 + 1.8 UTF-8 26.0.5 + 21 diff --git a/docker/keycloak/extensions-26/services/pom.xml b/docker/keycloak/extensions-26/services/pom.xml index 1cd1c775..b09db3d4 100644 --- a/docker/keycloak/extensions-26/services/pom.xml +++ b/docker/keycloak/extensions-26/services/pom.xml @@ -41,9 +41,10 @@ org.apache.maven.plugins maven-compiler-plugin + 3.13.0 - 21 - 21 + ${maven.compiler.source} + ${maven.compiler.target} diff --git a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/CookieStopAuthenticator.java b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/CookieStopAuthenticator.java index 12e82769..50c38d7c 100644 --- a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/CookieStopAuthenticator.java +++ b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/CookieStopAuthenticator.java @@ -52,7 +52,7 @@ public void authenticate(AuthenticationFlowContext context) { String sessIdp = authResult.getSession().getNotes().get("identity_provider"); if (authIdp != null && !authIdp.trim().isEmpty()) { - IdentityProviderModel idp = context.getRealm().getIdentityProviderByAlias(authIdp); + IdentityProviderModel idp = context.getSession().identityProviders().getByAlias(authIdp); Map scopes = context.getAuthenticationSession().getClient().getClientScopes(true); if (idp != null @@ -86,7 +86,8 @@ public void authenticate(AuthenticationFlowContext context) { } @Override - public void action(AuthenticationFlowContext context) { /* This is ok */ } + public void action(AuthenticationFlowContext context) { + /* This is ok */ } @Override public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) { 
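Review bot: The two compiler values in the extensions-26/pom.xml hunk drop from 21 to 1.8 while a new value of 21 is added, and the services/pom.xml hunk that follows wires the compiler plugin to `${maven.compiler.source}` and `${maven.compiler.target}`, so the declared language level is now 1.8. That conflicts with code in this same diff: `getAllStream().toList()` in IdentityProviderStopAuthenticator needs Java 16 or later, and the localdev builder image is `maven:3.9.9-eclipse-temurin-21`. The element names are not visible in this rendering, so which property the added 21 sets is inferred; if the intent is Java 21 throughout, a single `<maven.compiler.release>21</maven.compiler.release>` property with the plugin's source/target configuration removed would state it once and also make javac check API use against that release.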
@@ -94,8 +95,10 @@ public boolean configuredFor(KeycloakSession session, RealmModel realm, UserMode } @Override - public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { /* This is ok */ } + public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { + /* This is ok */ } @Override - public void close() { /* This is ok */ } + public void close() { + /* This is ok */ } } diff --git a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/IdentityProviderStopAuthenticator.java b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/IdentityProviderStopAuthenticator.java index 40fd8622..17ea779d 100644 --- a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/IdentityProviderStopAuthenticator.java +++ b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/IdentityProviderStopAuthenticator.java @@ -28,7 +28,7 @@ public class IdentityProviderStopAuthenticator implements Authenticator { @Override public void authenticate(AuthenticationFlowContext context) { List allowedIdps = new ArrayList<>(); - List realmIdps = context.getRealm().getIdentityProvidersStream().toList(); + List realmIdps = context.getSession().identityProviders().getAllStream().toList(); Map scopes = context.getAuthenticationSession().getClient().getClientScopes(true); for (IdentityProviderModel ridp : realmIdps) { diff --git a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/UserSessionRemover.java b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/UserSessionRemover.java index ced75e6f..0ae0074b 100644 --- a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/UserSessionRemover.java 
+++ b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/UserSessionRemover.java @@ -9,7 +9,6 @@ import org.keycloak.models.AuthenticatedClientSessionModel; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.authentication.AuthenticationFlowContext; -import org.keycloak.sessions.AuthenticationSessionModel; import org.keycloak.models.UserSessionModel; import java.util.Map; @@ -26,7 +25,8 @@ public boolean requiresUser() { @Override public void authenticate(AuthenticationFlowContext context) { UserSessionModel userSessionModel; - AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(context.getSession(), context.getRealm(), true); + AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(context.getSession(), + context.getRealm(), true); // 1. If no Cookie session, proceed to next step if (authResult == null) { @@ -39,8 +39,10 @@ public void authenticate(AuthenticationFlowContext context) { String authenticatingClientUUID = context.getSession().getContext().getClient().getId(); UserSessionProvider userSessionProvider = context.getSession().sessions(); - // Must fetch sessions from the user session model, user session provider has all session in the realm - Map authenticatedClientSessions = userSessionModel.getAuthenticatedClientSessions(); + // Must fetch sessions from the user session model, user session provider has + // all session in the realm + Map authenticatedClientSessions = userSessionModel + .getAuthenticatedClientSessions(); for (String activeSessionClientUUID : authenticatedClientSessions.keySet()) { if (!activeSessionClientUUID.equals(authenticatingClientUUID)) { 
diff --git a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/ext/endpoints/LegacyEndpoint.java b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/ext/endpoints/LegacyEndpoint.java index 9418e0fd..60baa613 100644 --- a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/ext/endpoints/LegacyEndpoint.java +++ b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/ext/endpoints/LegacyEndpoint.java @@ -1,8 +1,6 @@ package com.github.bcgov.keycloak.protocol.oidc.ext.endpoints; import jakarta.ws.rs.GET; -import org.keycloak.common.Profile; -import org.keycloak.common.Profile.Feature; import jakarta.ws.rs.Path; import jakarta.ws.rs.QueryParam; import jakarta.ws.rs.core.Response; diff --git a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/mappers/IDPUserinfoMapper.java b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/mappers/IDPUserinfoMapper.java index 617c4a56..836dae8e 100644 --- a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/mappers/IDPUserinfoMapper.java +++ b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/oidc/mappers/IDPUserinfoMapper.java 
@@ -120,12 +120,12 @@ protected void setClaim( String idp = userSession.getNotes().get("identity_provider"); RealmModel realm = userSession.getRealm(); - IdentityProviderModel identityProviderConfig = realm.getIdentityProviderByAlias(idp); + IdentityProviderModel identityProviderConfig = keycloakSession.identityProviders().getByAlias(idp); JsonNode userInfo; JWSInput jws; if (identityProviderConfig.isStoreToken()) { - IdentityProviderModel identityProviderModel = realm.getIdentityProviderByAlias(idp); + IdentityProviderModel identityProviderModel = keycloakSession.identityProviders().getByAlias(idp); String userInfoUrl = identityProviderModel.getConfig().get("userInfoUrl"); if (userInfoUrl != null) { diff --git a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/saml/mappers/IDPUserinfoMapper.java b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/saml/mappers/IDPUserinfoMapper.java index 46eff939..6c97e7e9 100644 --- a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/saml/mappers/IDPUserinfoMapper.java +++ b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/protocol/saml/mappers/IDPUserinfoMapper.java 
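Review bot: In the OIDC IDPUserinfoMapper hunk, `identityProviderConfig.isStoreToken()` is called on the result of `getByAlias(idp)` without a null check, so a user session with no `identity_provider` note, or one whose alias has since been removed, can throw a NullPointerException while claims are being mapped; a guard such as `if (identityProviderConfig == null) { return; }` before the `isStoreToken()` test would avoid that. The second `getByAlias(idp)` inside the branch repeats the same lookup and can reuse `identityProviderConfig`. The lookup also no longer goes through the `realm` obtained from `userSession.getRealm()`; presumably it now resolves against the realm bound to `keycloakSession`, which is worth confirming is the same realm on this code path. `setClaim` starts and ends outside the hunk, and the same three points apply to the identical hunk in the SAML IDPUserinfoMapper (`transformAttributeStatement`).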
@@ -139,12 +139,12 @@ public void transformAttributeStatement(AttributeStatementType attributeStatemen KeycloakSession keycloakSession, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) { String idp = userSession.getNotes().get("identity_provider"); RealmModel realm = userSession.getRealm(); - IdentityProviderModel identityProviderConfig = realm.getIdentityProviderByAlias(idp); + IdentityProviderModel identityProviderConfig = keycloakSession.identityProviders().getByAlias(idp); JsonNode userInfo; JWSInput jws; if (identityProviderConfig.isStoreToken()) { - IdentityProviderModel identityProviderModel = realm.getIdentityProviderByAlias(idp); + IdentityProviderModel identityProviderModel = keycloakSession.identityProviders().getByAlias(idp); String userInfoUrl = identityProviderModel.getConfig().get("userInfoUrl"); if (userInfoUrl != null) { diff --git a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/social/github/CustomGitHubIdentityProvider.java b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/social/github/CustomGitHubIdentityProvider.java index 9bc8772b..10672e81 100644 --- a/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/social/github/CustomGitHubIdentityProvider.java +++ b/docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/social/github/CustomGitHubIdentityProvider.java @@ -77,7 +77,7 @@ protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { throw new IdentityBrokerException("User does not belong to the target GitHub Org"); } - JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session) + JsonNode profile = SimpleHttp.doGet(DEFAULT_PROFILE_URL, session) .header("Authorization", "Bearer " + accessToken) .asJson(); 
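Review bot: In CustomGitHubIdentityProvider, both calls touched by this commit (`doGetFederatedIdentity` here and `searchEmail` in the next hunk) send the user's bearer token to `DEFAULT_PROFILE_URL` / `DEFAULT_EMAIL_URL`, and the `DEFAULT_` prefix suggests the parent provider also supports configured, non-default endpoints. If that is so, this subclass stays pinned to the default GitHub API regardless of the identity provider's configuration, which is the safer destination for the token but should be stated rather than left implicit. A comment above each call such as `// Intentionally fixed to the default GitHub API; a configured API URL is not honoured by this provider` would record that. Both method bodies continue outside their hunks.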
@@ -97,7 +97,7 @@ protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { private String searchEmail(String accessToken) { try { - ArrayNode emails = (ArrayNode) SimpleHttp.doGet(EMAIL_URL, session) + ArrayNode emails = (ArrayNode) SimpleHttp.doGet(DEFAULT_EMAIL_URL, session) .header("Authorization", "Bearer " + accessToken) .asJson(); diff --git a/docker/keycloak/extensions-26/services/src/main/resources/META-INF/jboss-deployment-structure.xml b/docker/keycloak/extensions-26/services/src/main/resources/META-INF/jboss-deployment-structure.xml deleted file mode 100644 index 6cef78cf..00000000 --- a/docker/keycloak/extensions-26/services/src/main/resources/META-INF/jboss-deployment-structure.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/localdev/macs/Dockerfile b/localdev/macs/Dockerfile index 08a7167a..206632c3 100644 --- a/localdev/macs/Dockerfile +++ b/localdev/macs/Dockerfile @@ -1,11 +1,12 @@ -FROM maven:3.8.5-openjdk-17-slim AS extensions-builder +FROM maven:3.9.9-eclipse-temurin-21 AS extensions-builder -COPY ./docker/keycloak/extensions-24/ /tmp/ +COPY ./docker/keycloak/extensions-26 /tmp/ WORKDIR /tmp/ RUN mvn -B clean package --file pom.xml -Dmaven.test.skip=true # built using https://github.com/keycloak/keycloak-containers/blob/main/server/Dockerfile -FROM keycloak:24.0.5 + +FROM keycloak:26.0.5 ENV KC_HEALTH_ENABLED=true ENV KC_METRICS_ENABLED=true 
@@ -13,15 +14,15 @@ ENV KC_DB=postgres COPY --from=extensions-builder /tmp/services/target/bcgov-services-1.0.0.jar /opt/keycloak/providers/ -# COPY ./docker/keycloak/extensions-24/themes/src/main/resources/theme /opt/keycloak/themes/ +COPY ./docker/keycloak/extensions-26/themes/src/main/resources/theme /opt/keycloak/themes/ -RUN /opt/keycloak/bin/kc.sh build +RUN /opt/keycloak/bin/kc.sh build --verbose WORKDIR /opt/keycloak -COPY ./docker/keycloak/configuration/24/quarkus.properties /opt/keycloak/conf +COPY ./docker/keycloak/configuration/26/quarkus.properties /opt/keycloak/conf -COPY ./docker/keycloak/configuration/24/keycloak-default-user-profile.json /tmp +COPY ./docker/keycloak/configuration/26/keycloak-default-user-profile.json /tmp # change these values to point to a running postgres instance ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]