From 0932538e57ec1f26aa70186eaa2ec58b78f28bff Mon Sep 17 00:00:00 2001
From: TomJKing <tom.king@nationalarchives.gov.uk>
Date: Mon, 9 Dec 2024 15:31:53 +0000
Subject: [PATCH 1/3] Upgrade to version 26

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 0698ec2b..5a39f248 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/keycloak/keycloak:25.0.4 as builder
+FROM quay.io/keycloak/keycloak:26.0.7 as builder
 FROM registry.access.redhat.com/ubi9-minimal
 COPY --from=builder /opt/keycloak/ /opt/keycloak/
 USER root

From 5f9ac9b05ae7c1f6bc5186d6e40feac36d73165d Mon Sep 17 00:00:00 2001
From: TomJKing <tom.king@nationalarchives.gov.uk>
Date: Mon, 9 Dec 2024 15:37:12 +0000
Subject: [PATCH 2/3] Update README

---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 6480a813..74a86d2e 100644
--- a/README.md
+++ b/README.md
@@ -168,7 +168,7 @@ To run, build and test locally:
     * Run the local docker image:
        ```
        [root directory] $ docker run -d --name [some name] -p 8081:8080 \
-       -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e KEYCLOAK_IMPORT=/keycloak-configuration/tdr-realm.json \
+       -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin -e KEYCLOAK_IMPORT=/keycloak-configuration/tdr-realm.json \
        -e REALM_ADMIN_CLIENT_SECRET=[some value] -e CLIENT_SECRET=[some value] -e BACKEND_CHECKS_CLIENT_SECRET=[some value] \
        -e REPORTING_CLIENT_SECRET=[some value] \
        -e USER_ADMIN_CLIENT_SECRET=[some value] \
@@ -185,8 +185,8 @@ To run, build and test locally:
        -e BLOCK_SHARED_PAGES=false
        [account id].dkr.ecr.[region].amazonaws.com/tdr-auth-server:[your build tag]
        ```
-       * `KEYCLOAK_ADMIN`: root Keycloak username
-       * `KEYCLOAK_ADMIN_PASSWORD`: password for the root Keycloak user
+       * `KC_BOOTSTRAP_ADMIN_USERNAME`: root Keycloak username
+       * `KC_BOOTSTRAP_ADMIN_PASSWORD`: password for the root Keycloak user
        * `KEYCLOAK_IMPORT`: Location of the generated Keycloak TDR realm json file that contains the configuration for the TDR realm
        * `REALM_ADMIN_CLIENT_SECRET`: tdr realm admin client secret value
        * `CLIENT_SECRET`: tdr client secret value

From a91e272db499f709c7ea706979074a4b4cb1e44b Mon Sep 17 00:00:00 2001
From: TomJKing <tom.king@nationalarchives.gov.uk>
Date: Wed, 11 Dec 2024 06:46:11 +0000
Subject: [PATCH 3/3] Turn on escaping slashes in group names

---
 keycloak.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/keycloak.conf b/keycloak.conf
index 1c9a2ba8..8387219a 100644
--- a/keycloak.conf
+++ b/keycloak.conf
@@ -10,3 +10,4 @@ spi-events-listener-event-publisher-enabled=true
 spi-events-listener-jboss-logging-enabled=true
 features=client-secret-rotation,admin-fine-grained-authz
 health-enabled=true
+spi-group-jpa-escape-slashes-in-group-path=true