chore(dev-setup): update keycloak to v26
c0rydoras committed Nov 25, 2024
1 parent 8944049 commit 79c031f
Showing 2 changed files with 51 additions and 26 deletions.
5 changes: 3 additions & 2 deletions compose.yaml
Expand Up @@ -28,7 +28,7 @@ services:
- TIMED_SSO_CLIENT_ID=timed-public

keycloak:
image: keycloak/keycloak:25.0
image: keycloak/keycloak:26.0.6
depends_on:
- db
volumes:
Expand All @@ -41,12 +41,13 @@ services:
- KC_HOSTNAME_STRICT=false
- KC_HOSTNAME_STRICT_HTTPS=false
- KC_HTTP_RELATIVE_PATH=/auth
- KC_HTTP_ENABLED=true
- KC_PROXY=edge
- KC_DB_PASSWORD=keycloak
- KEYCLOAK_ADMIN_PASSWORD=admin
# import: docker compose exec keycloak /opt/keycloak/bin/kc.sh import --override true --file /opt/keycloak/data/import/config.json
# export: docker compose exec keycloak /opt/keycloak/bin/kc.sh export --file /opt/keycloak/data/import/config.json
command: "start"
command: "start --hostname timed.localhost --proxy-headers xforwarded"

caddy:
image: caddy:2.6-alpine
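Review bot: `--proxy-headers xforwarded` on the new `command:` line makes Keycloak derive the client address, scheme and host from `X-Forwarded-*` headers on the requests it receives, so it is only sound when Caddy is the sole path to the container and overwrites those headers. Whether the keycloak service publishes a port of its own is not visible in this hunk; if it does, drop that mapping or narrow the trust with `--proxy-trusted-addresses <caddy-address-or-CIDR>`. I would also put `# X-Forwarded-* is trusted: Keycloak must only be reachable through caddy` above the command. The unchanged `KC_HOSTNAME_STRICT_HTTPS=false` and `KEYCLOAK_ADMIN_PASSWORD=admin` lines use names that Keycloak 26 appears to have dropped or deprecated (the hostname v1 options, and `KC_BOOTSTRAP_ADMIN_PASSWORD` for the bootstrap admin), so they are worth checking against the 26 upgrade guide.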
72 changes: 48 additions & 24 deletions keycloak/config.json
Expand Up @@ -40,6 +40,7 @@
"bruteForceProtected" : false,
"permanentLockout" : false,
"maxTemporaryLockouts" : 0,
"bruteForceStrategy" : "MULTIPLE",
"maxFailureWaitSeconds" : 900,
"minimumQuickLoginWaitSeconds" : 60,
"waitIncrementSeconds" : 60,
Expand Down Expand Up @@ -598,6 +599,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
Expand Down Expand Up @@ -628,6 +630,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"post.logout.redirect.uris" : "+",
"pkce.code.challenge.method" : "S256"
},
Expand Down Expand Up @@ -665,10 +668,12 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"client.use.lightweight.access.token.enabled" : "true",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
Expand All @@ -693,6 +698,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "true",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
Expand Down Expand Up @@ -721,6 +727,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "true",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
Expand Down Expand Up @@ -751,11 +758,13 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"client.use.lightweight.access.token.enabled" : "true",
"post.logout.redirect.uris" : "+",
"pkce.code.challenge.method" : "S256"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : 0,
"protocolMappers" : [ {
"id" : "ea06add3-caf3-4b90-b7a6-46e00779f5ef",
Expand Down Expand Up @@ -796,6 +805,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "true",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
Expand Down Expand Up @@ -1161,8 +1171,9 @@
"consentRequired" : false,
"config" : {
"user.session.note" : "AUTH_TIME",
"id.token.claim" : "true",
"introspection.token.claim" : "true",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "auth_time",
"jsonType.label" : "long"
Expand Down Expand Up @@ -1366,7 +1377,7 @@
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper" ]
"allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ]
}
}, {
"id" : "a95cc0db-8432-4f54-8692-7060275bc1bb",
Expand All @@ -1375,7 +1386,7 @@
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper" ]
"allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ]
}
}, {
"id" : "9f86543e-5ee6-4e74-93d4-27d83ba95a26",
Expand Down Expand Up @@ -2031,19 +2042,20 @@
"firstBrokerLoginFlow" : "first broker login",
"attributes" : {
"cibaBackchannelTokenDeliveryMode" : "poll",
"cibaExpiresIn" : "120",
"cibaAuthRequestedUserHint" : "login_hint",
"oauth2DeviceCodeLifespan" : "600",
"clientOfflineSessionMaxLifespan" : "0",
"oauth2DevicePollingInterval" : "5",
"clientSessionIdleTimeout" : "0",
"parRequestUriLifespan" : "60",
"clientSessionMaxLifespan" : "0",
"clientOfflineSessionIdleTimeout" : "0",
"cibaInterval" : "5",
"realmReusableOtpCode" : "false"
"realmReusableOtpCode" : "false",
"cibaExpiresIn" : "120",
"oauth2DeviceCodeLifespan" : "600",
"parRequestUriLifespan" : "60",
"clientSessionMaxLifespan" : "0",
"organizationsEnabled" : "false"
},
"keycloakVersion" : "25.0.6",
"keycloakVersion" : "26.0.6",
"userManagedAccessAllowed" : false,
"organizationsEnabled" : false,
"clientProfiles" : {
Expand Down Expand Up @@ -2092,6 +2104,7 @@
"bruteForceProtected" : false,
"permanentLockout" : false,
"maxTemporaryLockouts" : 0,
"bruteForceStrategy" : "MULTIPLE",
"maxFailureWaitSeconds" : 900,
"minimumQuickLoginWaitSeconds" : 60,
"waitIncrementSeconds" : 60,
Expand Down Expand Up @@ -2445,8 +2458,8 @@
"type" : "password",
"userLabel" : "My password",
"createdDate" : 1714984096848,
"secretData" : "{\"value\":\"/BwRnm8T4Hwp5DQeQPEKuXq1LkT9OXBxdslYASCnSOCrR1e3G5fIax68vR/32vd2c2sMkEIclcb1wIEAc2P5zA==\",\"salt\":\"yDatpf5GUoYUPiGS3+gt2Q==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}"
"secretData" : "{\"value\":\"7PL8EsLJ2tCJ09D7VZgYoO7brpDXa9NOWQ7nCUJ+WPc=\",\"salt\":\"mePcve1oeX22ZkYOog3QPQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
Expand Down Expand Up @@ -2533,6 +2546,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
Expand Down Expand Up @@ -2563,6 +2577,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"post.logout.redirect.uris" : "+",
"pkce.code.challenge.method" : "S256"
},
Expand Down Expand Up @@ -2600,10 +2615,12 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"client.use.lightweight.access.token.enabled" : "true",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
Expand All @@ -2628,6 +2645,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "true",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
Expand Down Expand Up @@ -2656,6 +2674,7 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "true",
"post.logout.redirect.uris" : "+"
},
"authenticationFlowBindingOverrides" : { },
Expand Down Expand Up @@ -2686,11 +2705,13 @@
"frontchannelLogout" : false,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"client.use.lightweight.access.token.enabled" : "true",
"post.logout.redirect.uris" : "+",
"pkce.code.challenge.method" : "S256"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : false,
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : 0,
"protocolMappers" : [ {
"id" : "fc23adbd-9cee-40c5-8499-2f64faa91382",
Expand Down Expand Up @@ -2735,6 +2756,7 @@
"frontchannelLogout" : true,
"protocol" : "openid-connect",
"attributes" : {
"realm_client" : "false",
"oidc.ciba.grant.enabled" : "false",
"backchannel.logout.session.required" : "true",
"post.logout.redirect.uris" : "https://timed.local/*##http://localhost:4200/*",
Expand Down Expand Up @@ -3267,8 +3289,9 @@
"consentRequired" : false,
"config" : {
"user.session.note" : "AUTH_TIME",
"id.token.claim" : "true",
"introspection.token.claim" : "true",
"userinfo.token.claim" : "true",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "auth_time",
"jsonType.label" : "long"
Expand Down Expand Up @@ -3329,7 +3352,7 @@
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper" ]
"allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ]
}
}, {
"id" : "40b4741c-881c-4e25-a993-c63639d7ab69",
Expand All @@ -3356,7 +3379,7 @@
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ]
"allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper" ]
}
}, {
"id" : "8b8cf966-8bb5-4f30-a22a-cbc74c835df8",
Expand Down Expand Up @@ -3967,19 +3990,20 @@
"firstBrokerLoginFlow" : "first broker login",
"attributes" : {
"cibaBackchannelTokenDeliveryMode" : "poll",
"cibaExpiresIn" : "120",
"cibaAuthRequestedUserHint" : "login_hint",
"oauth2DeviceCodeLifespan" : "600",
"clientOfflineSessionMaxLifespan" : "0",
"oauth2DevicePollingInterval" : "5",
"clientSessionIdleTimeout" : "0",
"parRequestUriLifespan" : "60",
"clientSessionMaxLifespan" : "0",
"clientOfflineSessionIdleTimeout" : "0",
"cibaInterval" : "5",
"realmReusableOtpCode" : "false"
"realmReusableOtpCode" : "false",
"cibaExpiresIn" : "120",
"oauth2DeviceCodeLifespan" : "600",
"parRequestUriLifespan" : "60",
"clientSessionMaxLifespan" : "0",
"organizationsEnabled" : "false"
},
"keycloakVersion" : "25.0.6",
"keycloakVersion" : "26.0.6",
"userManagedAccessAllowed" : false,
"organizationsEnabled" : false,
"clientProfiles" : {
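Review bot: `"fullScopeAllowed"` changes on the two clients that also gain `client.use.lightweight.access.token.enabled` (hunks at -665 and -758, repeated for the second realm at -2615 and -2705), apparently from `false` to `true`, since the page prints the old value first. With full scope allowed, a client's tokens are no longer limited to the roles in its scope mappings, which widens what a token issued to that client can represent. The `clientId` lines are outside these hunks, so I cannot tell whether these are the built-in admin clients that the Keycloak 26 migration rewrites. If they are, say so in the commit description; if the flip came from a manual change before the export, keep `"fullScopeAllowed" : false`.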
