From bc9ab13ff0c27b71e6b024607b7d8f8f1fb9aacd Mon Sep 17 00:00:00 2001
From: Julian Raufelder
Date: Fri, 24 May 2024 13:01:38 +0200
Subject: [PATCH] Update Keycloak to 24.0.4

This update sets verify-profile required to true so we need to provide firstname, lastname and email for each user. Otherwise the user is forced to enter them during first login. Machine login is for those users not possible as long verify-profile is not happy
---
 .../src/main/resources/application.properties | 2 +-
 backend/src/main/resources/dev-realm.json | 21 ++++++++++++++++++-
 keycloak/Dockerfile | 4 ++--
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index e2e825cd..248bcdab 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -33,7 +33,7 @@ hub.keycloak.oidc.cryptomator-client-id=cryptomator
 %dev.quarkus.keycloak.devservices.start-command=start-dev
 %dev.quarkus.keycloak.devservices.port=8180
 %dev.quarkus.keycloak.devservices.service-name=quarkus-cryptomator-hub
-%dev.quarkus.keycloak.devservices.image-name=ghcr.io/cryptomator/keycloak:23.0.7
+%dev.quarkus.keycloak.devservices.image-name=ghcr.io/cryptomator/keycloak:24.0.4
 %dev.quarkus.oidc.devui.grant.type=code
 # OIDC will be mocked during unit tests. Use fake auth url to prevent dev services to start:
 %test.quarkus.oidc.auth-server-url=http://localhost:43210/dev/null
diff --git a/backend/src/main/resources/dev-realm.json b/backend/src/main/resources/dev-realm.json
index d60eda30..f8554550 100644
--- a/backend/src/main/resources/dev-realm.json
+++ b/backend/src/main/resources/dev-realm.json
@@ -49,6 +49,8 @@
 "users": [
 {
 "username": "admin",
+ "firstName": "admin",
+ "lastName": "admin",
 "email": "admin@localhost",
 "enabled": true,
 "attributes": {
@@ -66,18 +68,27 @@
 },
 {
 "username": "alice",
+ "firstName": "alice",
+ "lastName": "alice",
+ "email": "alice@localhost",
 "enabled": true,
 "credentials": [{"type": "password", "value": "asd"}],
 "realmRoles": ["user"]
 },
 {
 "username": "bob",
+ "firstName": "bob",
+ "lastName": "bob",
+ "email": "bob@localhost",
 "enabled": true,
 "credentials": [{"type": "password", "value": "asd"}],
 "realmRoles": ["user"]
 },
 {
 "username": "carol",
+ "firstName": "carol",
+ "lastName": "carol",
+ "email": "carol@localhost",
 "enabled": true,
 "credentials": [{"type": "password", "value": "asd"}],
 "realmRoles": ["user"],
@@ -85,6 +96,9 @@
 },
 {
 "username": "dave",
+ "firstName": "dave",
+ "lastName": "dave",
+ "email": "dave@localhost",
 "enabled": true,
 "credentials": [{"type": "password", "value": "asd"}],
 "realmRoles": ["user"],
@@ -92,6 +106,9 @@
 },
 {
 "username": "erin",
+ "firstName": "erin",
+ "lastName": "erin",
+ "email": "erin@localhost",
 "enabled": true,
 "credentials": [{"type": "password", "value": "asd"}],
 "realmRoles": ["user"],
@@ -99,6 +116,8 @@
 },
 {
 "username": "syncer",
+ "firstName": "syncer",
+ "lastName": "syncer",
 "email": "syncer@localhost",
 "enabled": true,
 "attributes": {
@@ -227,4 +246,4 @@
 "browserSecurityHeaders": {
 "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self' http://localhost:*; object-src 'none';"
 }
-}
\ No newline at end of file
+}
diff --git a/keycloak/Dockerfile b/keycloak/Dockerfile
index a5f3c4cd..efe6976c 100644
--- a/keycloak/Dockerfile
+++ b/keycloak/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/keycloak/keycloak:23.0.7 as builder
+FROM quay.io/keycloak/keycloak:24.0.4 as builder
 ENV KC_HEALTH_ENABLED=true
 ENV KC_METRICS_ENABLED=true
 ENV KC_HTTP_RELATIVE_PATH=/kc
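Review bot: In the dev-realm.json hunks for alice, bob, carol, dave and erin, each account keeps the static password `asd` on its unchanged `"credentials"` line, and completing the profile fields makes non-interactive login work for these accounts again, which is the stated purpose of the commit. The file lives under `backend/src/main/resources`, so it is presumably packaged with the backend; it is worth confirming that this realm is imported only by the `%dev` Keycloak dev service and never by a deployed instance. If the realm enables email verification (its settings are outside these hunks), the new `"email"` entries may also need `"emailVerified": true` beside them, otherwise a verify-email required action could block machine login the same way verify-profile did. The user objects continue outside the hunks, so existing fields there were not checked.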
@@ -11,7 +11,7 @@ FROM registry.access.redhat.com/ubi9 AS ubi-micro-build RUN mkdir -p /mnt/rootfs RUN dnf install --installroot /mnt/rootfs curl --releasever 9 --setopt install_weak_deps=false --nodocs -y; dnf --installroot /mnt/rootfs clean all -FROM quay.io/keycloak/keycloak:23.0.7 +FROM quay.io/keycloak/keycloak:24.0.4 LABEL maintainer="info@skymatic.de" COPY --from=builder /opt/keycloak/ /opt/keycloak/ COPY --from=ubi-micro-build /mnt/rootfs /