Upgrade to Keycloak 23 #24403

Merged: 1 commit into jhipster:main, Dec 3, 2023

Conversation

theycallmeducks
Contributor

upgrade the docker and kubernetes builds to use Keycloak 23.0.1, see https://www.keycloak.org/2023/11/keycloak-2301-released.html

Fix #24352

upgrade the docker and kubernetes builds to use Keycloak 23.0.1,
see https://www.keycloak.org/2023/11/keycloak-2301-released.html

Fix jhipster#24352
@vishal423 (Contributor) left a comment


Overall change looks good. Could you confirm once that the Keycloak realm configurations are updated to include all changes? You can assert this by generating a new OIDC application with your changes, exporting the realm and doing a diff between the checked-in version and the exported one.

@theycallmeducks
Contributor Author

360,363c360
<     "attributes" : { },
<     "realmRoles" : [ "ROLE_ADMIN" ],
<     "clientRoles" : { },
<     "subGroups" : [ ]
---
>     "realmRoles" : [ "ROLE_ADMIN" ]
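Review bot: no functional change in this hunk or in the ROLE_USER hunk that follows: the Keycloak 23 export simply omits the empty `attributes`, `clientRoles` and `subGroups` collections, and the `realmRoles` binding is identical on both sides. Treat both as serialisation noise rather than a reason to edit the checked-in realm; if the file is meant to track the export byte-for-byte, drop the three keys in both groups in the same commit so the two groups do not drift apart.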
368,371c365
<     "attributes" : { },
<     "realmRoles" : [ "ROLE_USER" ],
<     "clientRoles" : { },
<     "subGroups" : [ ]
---
>     "realmRoles" : [ "ROLE_USER" ]
389c383,384
<   "otpSupportedApplications" : [ "totpAppMicrosoftAuthenticatorName", "totpAppFreeOTPName", "totpAppGoogleName" ],
---
>   "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ],
>   "localizationTexts" : { },
399a395
>   "webAuthnPolicyExtraOrigins" : [ ],
409a406
>   "webAuthnPolicyPasswordlessExtraOrigins" : [ ],
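Review bot: keep `webAuthnPolicyPasswordlessExtraOrigins` here and `webAuthnPolicyExtraOrigins` in the hunk above as empty lists. Both are new in this export and widen the set of origins the realm accepts for WebAuthn registration and authentication, so any entry should be an explicit, reviewed decision; committing them empty means a future diff that populates them stands out instead of looking like another new Keycloak field.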
481c478
<     "secret" : "7189e879-bf8e-408d-88a7-9905948d0c4c",
---
>     "secret" : "82eebea8-69ad-491b-9fc5-e946521142f1",
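Review bot: whichever client `secret` is committed here, and in the five `secret` hunks below, is a shared development default visible to anyone with the repository, and the replaced value `7189e879-bf8e-408d-88a7-9905948d0c4c` now also sits in git history and in this thread. The thread treats these as dynamic secrets that are regenerated, which is the right model; please make sure nothing in the generated project or its docs presents the checked-in realm as usable beyond local development.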
512c509
<     "secret" : "e13f4535-0a9e-48bf-9596-154009f69d79",
---
>     "secret" : "3f8a02dc-1d9c-4985-b238-72fd5ab57f8a",
550c547
<     "secret" : "a4ea1a7b-6bad-44d4-90f2-5642e5b04dec",
---
>     "secret" : "336b463f-b473-4aed-85a1-b35d02f39aaa",
579c576
<     "secret" : "10797ba1-dd83-4a3e-8210-d0099654f02a",
---
>     "secret" : "bb428244-ef91-480c-b1d0-581328fb5ed1",
651c648
<     "secret" : "39cc55d1-af32-4257-94e9-d6ee04ac091d",
---
>     "secret" : "bf765f8a-5a0a-4621-8ea0-3ffe72382dfd",
682c679
<     "secret" : "8eec8a1e-b7f1-4ecf-8ef9-3516392ba56e",
---
>     "secret" : "8ebe06b7-9f67-4264-8b3e-265be164170f",
1334c1331
<         "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper" ]
---
>         "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper" ]
1359c1356
<         "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper" ]
---
>         "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-full-name-mapper" ]
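Review bot: order-only diff: the same eight mapper types appear on both sides of both `allowed-protocol-mapper-types` lines, so no mapper was added or removed. Keycloak serialises this list from a set, so it will reshuffle on every export; sort the arrays before diffing so a real addition or removal is not buried in this churn.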
1381,1382c1378,1379
<         "privateKey" : [ "MIIEowIBAAKCAQEAqXaotW13nbmnTKKdBkrCj1qUQ5Agmi/ScI9w8cSKbWsHZcIwFLAqR9PzxSIqHK80A/YDfl/WlAyDBNP6KNe/z8PAgjZdxnvvVdRVDd8D0ZtSNG2BhxmE//Jga2z4iLJebwm+qa/wkHGR4hj4XGV6+oUWjlxGZ0Pm3T57lV1h0R7yK/t6keA7VUttPQfMjalr+NhWgyF5PuU6NUDF9MqYJVGdN22l3YZnugEetcMrEXdFU1QoPKjVkGpvg4E0KGeLxNOwE6J/lntCkZxE3ZvJYyepE/LZ79uJ6L62ajsiO5vUHN5To+hkWVrg1491wCchpjUEAXUM06rdCFsj/votWQIDAQABAoIBAAIuhqgFT4WukvaT3mErG7ukPyXqiFzr0jIESsA2F1Em0FrRR/SwOu8fTbNjR/cEE2+cnnllSvoveg1ZHE6jznKikssqX4UzacapW+n4jdBIR2Po6ALBA5sW+AJSDhYWc8xKrBN7siVt7OKkDyiDXvS0O3DcQ8THFUUSbZ1j7SM31SSJn1BtH9WgZ22348Ny/eKdi1DgdrmcaE/3hM5jeZr3lbGAr9eGtZQbXuFVPS107HtiJtUv6YZCRPA1F8C6tKnq7jbNKaEDl1RgK9G53blVtBuv7HDUnaAujmq7/OorUEWZAaPnpHBP1SznFtN4yb2Gtwn2+iOrF5qzhCgFcuECgYEA43dEYcniVTciVd1Q6JiBeWwYPgCHPDL9rl3ewDkYhs4Hi16IuCz3najnxWYY0lGLv3F7eDt0GhRtfKhatcm0tC8rGbTq3EzITFQXLGE62E4mV8h5QwETh4ZOIU1IJRrBDEV3GRc3NqkSOYrAoGDZIEHOIc5hSdVTjTp5NeXX4BECgYEAvri7FgkqzMhzj6NHFyFzsqZo4w7+yYBfalpau85FEgqLogPc3AcDau2xDnWhi29pE45ebLJ5KZG+ieJYy6QdmR7/ZdSNfD8WwSdyYIAdcuEk/DjhsgK2k6BbArTox4d9HxkVFbZmlnQz37z9CKEvctjZGMIhARJyiSKSjnAHQMkCgYA85EiiBPFZ7pB6e+yU136RiqZSssGBFAVlECv5OU+fhrfuTzg6VY9T3UtuRI6QftPyQ+bRoNjLwnwsysS9tWlycs4O66eTodpc1IX/k2e1T/ZjuX78uOUJeqKft5iAllDngBEJ3nUhZNFEJii6xjJZuEP+OMlCgqEDRYv9KbJIgQKBgAYKnAKKr8xk3SRDq9DTwnJ6SwBGTVPcuSkJS65/TjjQFLRBIxHlNvqAJQesOj3Mfauc6ujOjn/+meaMQPvSaw2aqcR0AzdYWEQuF7Vu2X/2GdHTi3K0G0x52+guCuGnLRN7G+vgJ0fEzo/b0LghQvuEWvwpyhnal744ViQk8FXhAoGBAIEvFt4GZRXd8KDhP4GLJ+WyYLvPNGXNG7CpEt0VztQMjS1V0skqK5g7Lgkbypiarz2qF4T35ru+S0fIF02gtJbg6o78FBAoGL83GblnOL+xTBh26MO4oQpgqfdMDuc9uNNJqfcACJESf9UV2vCTxcIjaQi3ClrjatXfpb4LYtxW" ],
<         "certificate" : [ "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" ],
---
>         "privateKey" : [ "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" ],
>         "certificate" : [ "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" ],
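Review bot: the base64 RSA private key on the `<` side is committed in the realm file in the clear and has now been pasted into this thread; anyone holding it can sign tokens that the realm's verifiers accept. Whether the old or the new value ends up committed matters less than stating in the template that this key provider is for local development only and that real deployments must regenerate the realm keys rather than import these.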
1391,1392c1388,1389
<         "kid" : [ "34d0a122-eec3-4d80-9fbe-d5bafe03108d" ],
<         "secret" : [ "Wo9VNgpS6txAxIQfqzOxK3Ali5SH-deA5obwfKZSEgWJYzgXS1anupUOkSHzRJ91ox6cZeowgcuiYdkfhbPvRQ" ],
---
>         "kid" : [ "4012bce3-1bb7-4a4c-9c6d-19fcbcc8deec" ],
>         "secret" : [ "IaUbzx0SjG-nzc0fh_LExN5f29xXjC-a3gSvBVVOrtiRGZGle3tHgxmpXevTATNPLxJXBCwbG1WhggsOwhd9mA" ],
1402,1403c1399,1400
<         "kid" : [ "77834763-396b-4c41-b3e7-8f2c6222e887" ],
<         "secret" : [ "pSzrk1uYn3RGRANsspoH3w" ],
---
>         "kid" : [ "17d6665b-ad54-4d51-ad63-875a4b88ac63" ],
>         "secret" : [ "60eYp2PKVGNQxOnNBebdQQ" ],
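Review bot: these two `kid`/`secret` pairs change for the same reason as the client secrets (regenerated on export) but are the most sensitive values in the file: the 86-character base64url `secret` in the hunk above decodes to 64 bytes, the size of a generated HMAC signing key, and the 22-character one here decodes to 16 bytes, an AES-128 key. A holder of the committed HMAC secret can mint tokens the realm accepts as its own, so the same development-only caveat applies; note also that the `kid` changes together with each secret, as it should, so a cached key cannot be mistaken for the new one.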
2011c2008
<   "keycloakVersion" : "22.0.5",
---
>   "keycloakVersion" : "23.0.1",
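Review bot: `keycloakVersion` only records which server produced the export; the pin that actually moves the Docker and Kubernetes builds to 23.0.1, as the description says, is the image tag in those templates, which this realm diff does not show. Please confirm the tag bump is in the same commit so the realm and the server version cannot drift.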

I just wanted to clarify before I make the changes, looking at the diff, deleting "attributes" : { }, "clientRoles" : { }, and "subGroups" : [ ] are my only remaining necessary changes right? The addition of localizationTexts, webAuthnPolicyExtraOrigins, webAuthnPolicyPasswordlessExtraOrigins came directly from RealmRepresentation.java so I assume those are still fine. The rest of the diff is just reordering or key/secret changes.

@vishal423
Contributor

Without a complete diff (context), I can't tell if the change is desirable.

"secret" : "7189e879-bf8e-408d-88a7-9905948d0c4c",

These I believe are related to the dynamic secrets that we generate, so, should be fine

"certificate" : [ "MIICnzCCAYcCBgGMJeipgjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhqaGlwc3RlcjAeFw0yMzEyMDExNTAyMzNaFw0zMz

Can you check why these came up? Is there any change in public certificate/chain?

"kid" : [ "34d0a122-eec3-4d80-9fbe-d5bafe03108d" ],
"secret" : [ "Wo9VNgpS6txAxIQfqzOxK3Ali5SH-deA5obwfKZSEgWJYzgXS1anupUOkSHzRJ91ox6cZeowgcuiYdkfhbPvRQ" ],

Also, do you know why there is a change in above group of keys? It seems related to JWT signing algo and secret.

@theycallmeducks
Contributor Author

I did some diffs using main and all the secrets/certificates change every build. "attributes" : { }, "clientRoles" : { }, and "subGroups" : [ ] are still in GroupRepresentation.java and seem to have disappeared due to 22372, I see no reason to remove them from jhipster-realm. IMO this PR is fine as is. Let me know if any additional changes are needed.
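The realm-export comparison suggested in review, as an added example that is not JHipster's code: a small Node.js script that normalizes two Keycloak realm exports before diffing them, so that regenerated `secret`, `privateKey`, `certificate` and `kid` values, the `keycloakVersion` stamp, set-ordered arrays such as `otpSupportedApplications` and `allowed-protocol-mapper-types`, and empty optional collections (`attributes`, `clientRoles`, `subGroups`, `localizationTexts` and the two WebAuthn extra-origin lists) stop producing noise, leaving only real configuration changes. It also lists every path in an export that carries key material. The two realm objects are constructed, heavily trimmed stand-ins modelled on the diff in this thread, and the assumption that an absent collection imports the same as an empty one is the example's, not something Keycloak states here.

```javascript
// Added example, not JHipster's own code: semantic diff of two Keycloak realm
// exports so that review shows only real changes. Field names are the ones that
// appear in the PR diff; the sample realms are constructed, trimmed stand-ins.

// Values Keycloak regenerates on every export/import: masked before comparing.
const VOLATILE_KEYS = new Set(['secret', 'privateKey', 'certificate', 'kid', 'keycloakVersion']);
// Arrays Keycloak serialises from sets, so element order carries no meaning.
const SET_LIKE_KEYS = new Set(['otpSupportedApplications', 'allowed-protocol-mapper-types']);
// Collections assumed to import identically whether absent or empty (assumption).
const OPTIONAL_EMPTY_KEYS = new Set([
  'attributes', 'clientRoles', 'subGroups', 'localizationTexts',
  'webAuthnPolicyExtraOrigins', 'webAuthnPolicyPasswordlessExtraOrigins',
]);
// Keys holding actual key material; a leaked value lets the holder mint tokens.
const SECRET_KEYS = new Set(['secret', 'privateKey']);

const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const isEmpty = (v) =>
  (Array.isArray(v) && v.length === 0) || (isObject(v) && Object.keys(v).length === 0);

// Canonical form: sorted object keys, masked volatile values, sorted set-like
// string arrays, empty optional collections dropped.
function normalize(value, key = '') {
  if (Array.isArray(value)) {
    const items = value.map((v) => normalize(v));
    const sortable = SET_LIKE_KEYS.has(key) && items.every((v) => typeof v === 'string');
    return sortable ? [...items].sort() : items;
  }
  if (isObject(value)) {
    const out = {};
    for (const k of Object.keys(value).sort()) {
      if (VOLATILE_KEYS.has(k)) { out[k] = '<volatile>'; continue; }
      const v = normalize(value[k], k);
      if (OPTIONAL_EMPTY_KEYS.has(k) && isEmpty(v)) continue;
      out[k] = v;
    }
    return out;
  }
  return value;
}

// Structural diff of two normalized trees: one entry per leaf that differs.
function diffValues(a, b, path = '', out = []) {
  if (Array.isArray(a) && Array.isArray(b)) {
    for (let i = 0; i < Math.max(a.length, b.length); i++) {
      diffValues(a[i], b[i], `${path}[${i}]`, out);
    }
  } else if (isObject(a) && isObject(b)) {
    for (const k of new Set([...Object.keys(a), ...Object.keys(b)])) {
      diffValues(a[k], b[k], path ? `${path}.${k}` : k, out);
    }
  } else if (a !== b) {
    out.push({ path, before: a, after: b });
  }
  return out;
}

function realmDiff(checkedIn, exported) {
  return diffValues(normalize(checkedIn), normalize(exported));
}

// Every path in an export that carries key material: values that must never be
// reused outside a throwaway development realm.
function secretPaths(value, path = '', out = []) {
  if (Array.isArray(value)) {
    value.forEach((v, i) => secretPaths(v, `${path}[${i}]`, out));
  } else if (isObject(value)) {
    for (const k of Object.keys(value)) {
      const p = path ? `${path}.${k}` : k;
      if (SECRET_KEYS.has(k)) out.push(p); else secretPaths(value[k], p, out);
    }
  }
  return out;
}

// Constructed: a trimmed checked-in realm as exported by Keycloak 22.
const CHECKED_IN = {
  keycloakVersion: '22.0.5',
  otpSupportedApplications: ['totpAppMicrosoftAuthenticatorName', 'totpAppFreeOTPName', 'totpAppGoogleName'],
  groups: [
    { name: 'Admins', attributes: {}, realmRoles: ['ROLE_ADMIN'], clientRoles: {}, subGroups: [] },
    { name: 'Users', attributes: {}, realmRoles: ['ROLE_USER'], clientRoles: {}, subGroups: [] },
  ],
  clients: [{ clientId: 'web_app', secret: 'dev-client-secret-old' }],
  components: {
    'org.keycloak.keys.KeyProvider': [
      { name: 'rsa-generated', config: { privateKey: ['OLD-RSA-KEY'], certificate: ['OLD-CERT'] } },
      { name: 'hmac-generated', config: { kid: ['old-kid'], secret: ['OLD-HMAC-SECRET'] } },
    ],
  },
};
// Constructed: the same realm re-exported from Keycloak 23 (new secrets, reordered
// set, empty collections omitted, new empty fields).
const EXPORTED = {
  keycloakVersion: '23.0.1',
  otpSupportedApplications: ['totpAppFreeOTPName', 'totpAppGoogleName', 'totpAppMicrosoftAuthenticatorName'],
  localizationTexts: {},
  webAuthnPolicyExtraOrigins: [],
  webAuthnPolicyPasswordlessExtraOrigins: [],
  groups: [{ name: 'Admins', realmRoles: ['ROLE_ADMIN'] }, { name: 'Users', realmRoles: ['ROLE_USER'] }],
  clients: [{ clientId: 'web_app', secret: 'dev-client-secret-new' }],
  components: {
    'org.keycloak.keys.KeyProvider': [
      { name: 'rsa-generated', config: { privateKey: ['NEW-RSA-KEY'], certificate: ['NEW-CERT'] } },
      { name: 'hmac-generated', config: { kid: ['new-kid'], secret: ['NEW-HMAC-SECRET'] } },
    ],
  },
};
// Constructed: an export with one real, security-relevant change hidden in the noise.
const DRIFTED = { ...EXPORTED, webAuthnPolicyExtraOrigins: ['https://attacker.example'] };

console.log('noise-only diff:', JSON.stringify(realmDiff(CHECKED_IN, EXPORTED)));
console.log('real change:', JSON.stringify(realmDiff(CHECKED_IN, DRIFTED)));
console.log('key material at:', secretPaths(CHECKED_IN));
```

With real files, `JSON.parse` the checked-in `jhipster-realm.json` and the fresh export and pass both objects to `realmDiff`; an empty result means the two differ only in regenerated secrets and ordering, and a non-empty one lists exactly the changes worth reading, with an `ExtraOrigins` entry appearing the way `DRIFTED` does being the kind of widening a review should catch.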

@mraible
Contributor

mraible commented Dec 3, 2023

I say ship it! 🚢

@vishal423 vishal423 merged commit 53e574c into jhipster:main Dec 3, 2023
47 checks passed
@deepu105 deepu105 added this to the 8.1.0 milestone Dec 11, 2023
Linked issue: Upgrade to Keycloak 23 (#24352)
4 participants