Keycloak 26.0.0 #1162
Can you please update the change log.
I just tested this branch and it worked for me. However, I didn't test any KC26 specific configuration.
I also think we can drop the support for KC 18.x with the upgrade to KC26.
# Conflicts: # CHANGELOG.md
…eycloak core and libraries. Rename import folder. Bump Keycloak version in .env and Dockerfile.
Tested and this works for us as well. There was one bug we noticed though caused by this change in Keycloak 26 https://www.keycloak.org/docs/latest/release_notes/index.html#identity-providers-no-longer-available-from-the-realm-representation. The realm representation no longer contains identity provider mappers and so |
I also stumbled upon this, according to https://www.keycloak.org/docs/26.0.2/upgrading/#identity-providers-no-longer-available-from-the-realm-representation we now need to query the endpoint @SmithJosh I just gave this another try and it worked for me. I did the following:
Which IdP update scenario did not work for you?
To:
|
I updated my branch https://github.com/thomasdarimont/keycloak-config-cli/tree/update/keycloak-26.0.x with the fixed IdentityProviders lookup.
# Conflicts: # pom.xml
I had a look at the branch of @thomasdarimont. Several tests are failing because Keycloak added constraints in Keycloak 26 when deleting an authentication flow. One of the constraints is that when a client overrides the default browser flow with a "custom flow", one cannot just delete the "custom flow" later. If we import a config file which defines the "custom flow", the strategy so far is to first delete the "custom flow" and re-add it. But this leads to an error in Keycloak. I think we have to find a solution for that.
…instead realm. Adaptation @thomasdarimont's awesome work.
…ommon-synced (missed field which were added in c4005d2 commit).
Thanks @thomasdarimont for the help. Also it seems that after keycloak/keycloak@c4005d2, client-common-sync from https://github.com/keycloak/keycloak-client/ needs to be updated. They added the new field in RealmRepresentation but did not sync the keycloak-client repo.
Also Keycloak 26.0.4 was released.
Keycloak 26.0.5 was released
pom.xml
Outdated
@@ -59,7 +59,9 @@ | |||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | |||
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> | |||
|
|||
<keycloak.version>${keycloak.version}</keycloak.version> | |||
<keycloak.version>${keycloak.version}}</keycloak.version> |
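Review bot: in the `<keycloak.version>` property, the value `${keycloak.version}}` ends with a stray second `}`, so the text after interpolation would carry a literal brace. The property is also defined in terms of itself in both visible lines, which gives Maven nothing to resolve inside this file; set a literal version here, or reference a differently named property that is defined elsewhere.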
${keycloak.version}} ? There are two }
and I don't understand it. keycloak.version points to keycloak.version that looks weird
this is a mistake
…entity providers added condition how to obtain them.
issue is fixed
Failed tests with And failed test with
Why should Keycloak allow to delete and recreate a flow that is currently in use in a client?
There are two ways:
But in previous versions of keycloak these tests succeed, need to find out what was changed in keycloak.
The specific code is here in

```java
/**
 * Deletes the top-level flow and all its executions and recreates them.
 */
private void recreateTopLevelFlow(
        RealmImport realmImport,
        AuthenticationFlowRepresentation topLevelFlowToImport,
        AuthenticationFlowRepresentation existingAuthenticationFlow
) {
    AuthenticationFlowRepresentation patchedAuthenticationFlow = CloneUtil.patch(
            existingAuthenticationFlow, topLevelFlowToImport, "id"
    );
    if (existingAuthenticationFlow.isBuiltIn()) {
        throw new InvalidImportException(String.format(
                "Unable to recreate flow '%s' in realm '%s': Deletion or creation of built-in flows is not possible",
                patchedAuthenticationFlow.getAlias(), realmImport.getRealm()
        ));
    }
    UsedAuthenticationFlowWorkaroundFactory.UsedAuthenticationFlowWorkaround workaround = workaroundFactory.buildFor(realmImport);
    workaround.disableTopLevelFlowIfNeeded(topLevelFlowToImport.getAlias());
    authenticatorConfigImportService.deleteAuthenticationConfigs(realmImport, patchedAuthenticationFlow);
    authenticationFlowRepository.delete(realmImport.getRealm(), patchedAuthenticationFlow.getId());
    authenticationFlowRepository.createTopLevel(realmImport.getRealm(), patchedAuthenticationFlow);
    AuthenticationFlowRepresentation createdTopLevelFlow = authenticationFlowRepository.getByAlias(
            realmImport.getRealm(), topLevelFlowToImport.getAlias()
    );
    executionFlowsImportService.createExecutionsAndExecutionFlows(realmImport, topLevelFlowToImport, createdTopLevelFlow);
    workaround.resetFlowIfNeeded();
}
```
…fter create. Add variable to set Keycloak log level.
… config when client without overrides).
…tings in the keycloak.
@bohmber I found the original issue: keycloak/keycloak#30707. So, I replace all overrides with a temporary flow before deletion and restore them after creation.
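The sequence described in the comment above (move client overrides to a temporary flow, delete, recreate, restore), as an added example that is not code from this PR or from keycloak-config-cli. It uses an in-memory stand-in for a realm; the class, maps, flow ids and the `try`/`finally` restore are assumptions made for illustration.

```java
import java.util.*;

// Added illustration with an in-memory realm; all names here are hypothetical.
public class FlowRecreateExample {
    // client id -> (binding such as "browser" -> flow id)
    static final Map<String, Map<String, String>> overrides = new HashMap<>();
    static final Map<String, String> flows = new HashMap<>(); // flow id -> alias

    // Models the constraint from the thread: a flow used by a client override cannot be deleted.
    static void deleteFlow(String flowId) {
        for (Map<String, String> bindings : overrides.values()) {
            if (bindings.containsValue(flowId)) {
                throw new IllegalStateException("flow " + flowId + " is used by a client override");
            }
        }
        flows.remove(flowId);
    }

    static String recreateFlow(String oldId, String alias, String tempId) {
        List<String[]> parked = new ArrayList<>(); // {client, binding} pairs moved to the temporary flow
        overrides.forEach((client, bindings) -> bindings.replaceAll((binding, id) -> {
            if (!id.equals(oldId)) return id;
            parked.add(new String[] {client, binding});
            return tempId;
        }));
        String restoreTo = oldId; // if deletion is rejected, put the overrides back as they were
        try {
            deleteFlow(oldId);
            String newId = UUID.randomUUID().toString();
            flows.put(newId, alias);
            restoreTo = newId;
            return newId;
        } finally {
            // Also runs on failure, so no client stays bound to the temporary flow.
            for (String[] p : parked) overrides.get(p[0]).put(p[1], restoreTo);
        }
    }

    public static void main(String[] args) {
        flows.put("f1", "custom flow");       // constructed sample data
        flows.put("tmp", "temporary flow");
        overrides.put("app", new HashMap<>(Map.of("browser", "f1")));
        try {
            deleteFlow("f1");
        } catch (IllegalStateException e) {
            System.out.println("direct delete rejected: " + e.getMessage());
        }
        String newId = recreateFlow("f1", "custom flow", "tmp");
        System.out.println("override restored: " + newId.equals(overrides.get("app").get("browser")));
    }
}
```

The restore step matters for the realm's security posture: an import that aborts between the swap and the restore would otherwise leave clients authenticating through the temporary flow.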
@ma1uta The last failing test is something similar 8f2f5dc in the file 44_update_realm_remove_authz_policy_realm-management.json the
Keycloak creates AuthorizationSettings in two cases:
Quality Gate passed
@ma1uta good point. That was exactly the code I was searching for the behavior
Looks good for me. Tested it with Keycloak 26 and our configuration yesterday
Hey @francis-pouatcha, when can we expect a new release with the v26 compatible jar? Thanks
What this PR does / why we need it:
Add support for Keycloak 26.0.0
Which issue this PR fixes (optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged): fixes #1160
Special notes for your reviewer:
PR Readiness Checklist:
Complete these before marking the PR as `ready to review`:
- `CHANGELOG.md` release notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR