JanssenProject · moabu · Jun 27, 2024 · Apr 3, 2024 · Apr 8, 2024 · Apr 16, 2024
@@ -1,4 +1,4 @@
-FROM quay.io/keycloak/keycloak:24.0.3@sha256:0d71412ed56b5f66f7e922efc0c3ff73b3f54ba2fe84fedb5e281a1f90b95bd6 as kc-src
+FROM quay.io/keycloak/keycloak:25.0.1@sha256:a3d10e729b140f5a044f6d04f324aa53ae58ed11398e0e6e432cb98042b41b1f as kc-src
 
 FROM bellsoft/liberica-openjre-alpine:17.0.11@sha256:7d9240b84e806f9759560536bac1ca545fc31c02465a4b1ca7131def4f4ab130
 

@@ -19,7 +19,7 @@
       <maven.min-version>3.3.9</maven.min-version>
       <maven.compiler.source>17</maven.compiler.source>
       <maven.compiler.target>17</maven.compiler.target>
-      <keycloak-server.version>24.0.3</keycloak-server.version>
+      <keycloak-server.version>25.0.1</keycloak-server.version>
       <nimbus.oauth-sdk.version>10.11</nimbus.oauth-sdk.version>
       <nimbus.oauth2-oidc-sdk.version>10.11</nimbus.oauth2-oidc-sdk.version>
       <jackson.coreutils.version>1.8</jackson.coreutils.version>

@@ -17,6 +17,6 @@
   "CRYPTOGRAPHY": "https://files.pythonhosted.org/packages/20/8b/66600f5851ec7893ace9b74445d7eaf3499571b347e339d18c76c876b0f9/cryptography-37.0.4-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
   "TWILIO_MAVEN": "https://repo1.maven.org/maven2/com/twilio/sdk/twilio/",
   "TWILIO_VERSION": "7.17.0",
-  "KC_VERSION": "24.0.3",
+  "KC_VERSION": "25.0.1",
   "OPA_VERSION": "v0.60.0"
 }
@@ -7,7 +7,8 @@ Type=simple
 Environment="JAVA_HOME=%(jre_home)s"
 Environment="KEYCLOAK_ADMIN=admin"
 Environment="KEYCLOAK_ADMIN_PASSWORD=admin"
-ExecStart=%(idp_config_data_dir)s/bin/kc.sh start-dev --log="console,file" --proxy edge --hostname=%(hostname)s --hostname-admin=%(hostname)s --hostname-path=/kc --hostname-strict-https=true --http-enabled=true --http-relative-path=/kc --http-host=127.0.0.1 --http-port=%(idp_config_http_port)s --log="console,file" --log-file="%(idp_config_data_dir)s/logs/keycloak.log" -Dlog.base="%(idp_config_data_dir)s/logs/%(service_name)s.log" -Djans.config.prop.path="%(idp_config_providers_dir)s"
+Environment="JAVA_OPTS_APPEND=-Djans.base=%(jansBaseFolder)s"
+ExecStart=%(idp_config_data_dir)s/bin/kc.sh start-dev
 
 User=jetty
 Group=jetty

@@ -2,6 +2,6 @@
     "parentFlow": "${jans_browser_auth_flow_id}",
     "authenticator": "kc-jans-authn",
     "authenticatorConfig": null,
-    "requirement": "REQUIRED",
+    "requirement": "ALTERNATIVE",
     "priority": 20
  }
@@ -1,6 +1,6 @@
 {
     "name":"jans-user-federation",
-    "providerId": "kc-jans-storage",
+    "providerId": "kc-jans-user-storage",
     "providerType": "org.keycloak.storage.UserStorageProvider",
     "parentId": "${jans_idp_realm}",
     "config": {

@@ -1,63 +1,52 @@
 # Basic settings for running in production. Change accordingly before deploying the server.
 
-# Database
+# Database 
+#db=%{kc_db_provider}
 
-# The database vendor.
-#db=postgres
+# The username of the database user
+#db-username=%(kc_db_username)s
 
-# The username of the database user.
-#db-username=keycloak
-
-# The password of the database user.
-#db-password=password
+# The password of the database user
+#db-password=%(kc_db_password)s
 
 # The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
-#db-url=jdbc:postgresql://localhost/keycloak
+#db-url=%(kc_jdbc_url)s
 
 # Observability
 
 # If the server should expose healthcheck endpoints.
-#health-enabled=true
+health-enabled=true
 
 # If the server should expose metrics endpoints.
-#metrics-enabled=true
-
-# HTTP
-
-# The file path to a server certificate or certificate chain in PEM format.
-#https-certificate-file=${kc.home.dir}conf/server.crt.pem
-
-# The file path to a private key in PEM format.
-#https-certificate-key-file=${kc.home.dir}conf/server.key.pem
-
-# The proxy address forwarding mode if the server is behind a reverse proxy.
-#proxy=reencrypt
+metrics-enabled=true
 
-# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
-#spi-sticky-session-encoder-infinispan-should-attach-route=false
 
-# Hostname for the Keycloak server.
-#hostname=myhostname
+# Limit the max amount of queued requests 
+http-max-queued-requests=1000
+# Enable the http listener
+http-enabled=true
+# set application hostname 
+hostname=https://%(kc_hostname)s/kc
 
-# Janssen configuration parameters
+# http listen address 
+http-host=127.0.0.1
 
-# Storage SPI Configuration (SCIM)
+# http listen port 
+http-port=%(idp_config_http_port)s
 
-# janssen-auth token endpoint 
-spi-storage-kc-jans-storage-auth-token-endpoint=https://%(hostname)s/%(jans_auth_token_endpoint)s
+# set proxy headers x-forwarded
+proxy-headers=xforwarded
 
-# janssen scim user fetch endpoint 
-# usually of the format https://<server>/jans-scim/restv1/v2/Users
-spi-storage-kc-jans-storage-scim-user-endpoint=https://%(hostname)s/jans-scim/restv1/v2/Users
+http-relative-path=/kc
 
-# scim user search endpoint 
-spi-storage-kc-jans-storage-scim-user-search-endpoint=https://%(hostname)s/jans-scim/restv1/v2/Users/.search
+# log to both console and file 
+log=file,console
 
-# scim oauth scopes
-spi-storage-kc-jans-storage-scim-oauth-scopes=https://jans.io/scim/users.read https://jans.io/scim/users.write
+# log level 
+log-level=INFO
 
-#scim client id 
-spi-storage-kc-jans-storage-scim-client-id=%(saml_scim_client_id)s
+# set log file path 
+log-file=%(idp_config_data_dir)s/logs/keycloak.log
 
-#scim client secret
-spi-storage-kc-jans-storage-scim-client-secret=%(saml_scim_client_pw)s
+# set log file format if applicable 
+#log-file-format=
@@ -0,0 +1 @@
+quarkus.arc.exclude-types=io.jans.**