Upgrade to the Quarkus-based Keycloak distribution #64
Comments
|
I've now bumped the version to keycloak 18.0.0, but I have not looked into making it compatible with the quarkus distribution. If you don't mind, I'll update the title of this one to indicate the desire to move to that. |
lmsurpre
changed the title
|
I don't have immediate plans for looking into the Quarkus distribution...any insights you (or others) can provide on the changes required for that would be most welcome. |
|
For cases where a user has access to more than one patient and a Also, if its needed, feel free to open an issue at IBM/FHIR to request quarkus support from the main libs (fhir-model and fhir-provider) there. |
|
@lmsurpre - We had some luck getting this to work on the Quarkus version. We used the HAPI client libs rather than Jboss to query the FHIR server and packaged the custom authenticator as a shaded/uber jar which can then be deployed with Keycloak at a specific path. There are of course a lot of differences in how to configure and run Keycloak in the latest version as well. I hope to share this back when we get to a stable point, but wanted to update that it's possible and not too difficult or different really from what you had. |
|
@jigneshmpatel - I have my working copy here: https://github.com/XcrigX/keycloak-extensions-for-fhir/tree/quarkus-update I'm still working through some issues with the unit tests so I haven't pushed it to this repo yet. There is also some work to do to update the readme. I'll update here when I get it fully functioning - I think it's 95% there. |
|
@XcrigX thank you for response. Since the window of certification of g10 is very close, how do we jump in and start working. Is it only test cases are not working? |
|
Some context: I have everything working in a different/private repo we had started from scratch using this project as a guide. I'm down to one strange test failure. The KeyCloakConfig.PropertyGroupTest fails when running from command line, but works in Eclipse. I'm out of time to figure it out today though.. Feel free to grab it and build it. Keycloak does come up. Be warned - I found Keycloak to be tricky to get configured to run in real environment (behind a reverse-proxy, admin console not publicly available, TLS, etc.). |
|
ok see if there is a progress being made towards the end of week, we will start exploring about sometime early next week. |
|
fyi, unit test errors all fixed now - was just an issue with the surefire plugin version and junit5 |
|
NOTE: I deleted and recreated the branch also so I could squash everything into 1 commit: https://github.com/XcrigX/keycloak-extensions-for-fhir/tree/feature/quarkus-update |
|
That is awesome so @XcrigX <https://github.com/XcrigX> this branch code
does not require any mocifcations?
https://github.com/XcrigX/keycloak-extensions-for-fhir/tree/quarkus-update
…On Fri, Oct 7, 2022 at 11:43 AM Lee Surprenant ***@***.***> wrote:
Thats awesome @XcrigX <https://github.com/XcrigX> ... please open a PR if
you're interested in contributing that.
We do follow DCO
<https://github.com/Alvearie/keycloak-extensions-for-fhir/blob/main/CONTRIBUTING.md#developers-certificate-of-origin>
here and so you'd need to amend your commit to add a single-line signoff.
—
Reply to this email directly, view it on GitHub
<#64 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAF6OEBGSW5KKMMM3IC3I3LWCBAIVANCNFSM5U4MDYYQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
pushed another update to fix some docker build issues and update the readme to reflect proper docker build commands and paths. @jigneshmpatel - I haven't run it through the ringer yet to functionally test it and I may not get to that right now. The images build and come up. The code should not require any modifications unless there are bugs/issues - however you will need to make your own Dockerfile if you intend to deploy it in a non-test environment. You'll need to fill in various env variables to the container for your environment (database, hostnames, etc.) , and you'd want to start keycloak NOT in dev mode. |
|
got it. |
|
are there build steps I can follow? |
|
I am not able to run not only that localhost:8080 doesn't not show appropriate screen to login, instead gives following message: I have tried with JDK 11 and JDK 17. |
|
My team member able to bring up the server in main branch but as stated above I can't run the feature/quarkus-update branch. |
|
@jigneshmpatel - Be sure to check that you are connected to the proper branch - I deleted and recreated it a couple of times. You could also access the code from the PR I submitted: Once you've verified you have the latest updates from the proper branch, these commands I think should work to start it: docker build . -f keycloak-config/Dockerfile -t alvearie/keycloak-config docker run -v /local/config/dir:/config -e KEYCLOAK_BASE_URL=http://host.docker.internal:8080 alvearie/keycloak-config -configFile config/keycloak-config.json You'd then need to build and run the keycloakConfig container as well once that is working to create the test realm with SMART support. |
|
apologies, I gave the keycloak config info above.. The smart keycloak command would be: docker run -p 8080:8080 -p 8443:8443 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin alvearie/smart-keycloak |
|
Is it advisable to run with JDK 17? As it has a long term support. |
|
We need some guidance |
|
@jigneshmpatel - Suggest you re-read the readme wiki for this project. It's not a complete implementation of all things Smart on FHIR. Rather it extends Keycloak to add support for some things in the SMART spec which are not supported by Keycloak out of the box. I have not looked into using it for use-cases other than launch/patient. Presumably for most of those the EHR would already have an authenticated user - so I'm not certain where Keycloak would even play a role unless it is the Auth server for the EHR. For general SMART on FHIR info/questions (not specific to Keycloak), you can also utilize the SMART channel/stream here: https://chat.fhir.org/ |
The current project is fixed to Keycloak 16.1.1.
It appears starting with Keycloak 17, significant changes have been made to how keycloak configuration works:
https://www.keycloak.org/docs/latest/release_notes/index.html#keycloak-17-0-0
"The default Keycloak distribution is now based on Quarkus. The new distribution is faster, leaner, and a lot easier to configure!
We appreciate migrating from the WildFly distribution is not going to be straightforward for everyone, since how you start and configure Keycloak has radically changed. With that in mind we will continue to support the WildFly distribution until June 2022."
Note also the end support date of June 2022.
Are the maintainers here planning an update, or should your (very appreciative) users plan this on their own?
Thanks!
NOTE: I haven't tried or looked deeply into the changes or upgrading as of yet, but will share back anything I learn or do here.
The text was updated successfully, but these errors were encountered: