diff --git a/api/src/Security/Http/Protection/ResourceResourceHandler.php b/api/src/Security/Http/Protection/ResourceResourceHandler.php
index 73dc4b627..83c87042f 100644
--- a/api/src/Security/Http/Protection/ResourceResourceHandler.php
+++ b/api/src/Security/Http/Protection/ResourceResourceHandler.php
@@ -114,7 +114,9 @@ private function getTokenEndpoint(): string
         $response = $this->securityAuthorizationClient->request('GET', '.well-known/openid-configuration');
         $content = $response->toArray();
-        return $content['token_endpoint'];
+        // horrible fix for local development, can't find another way to fix it
+        // since bitnami/keycloak:^25 returns the configured hostname instead of the requested one
+        return \preg_replace('#^https?://localhost/#', 'http://keycloak:8080/', $content['token_endpoint']);
     }
     private function getResourceRegistrationEndpoint(): string
@@ -122,6 +124,8 @@ private function getResourceRegistrationEndpoint(): string
         $response = $this->securityAuthorizationClient->request('GET', '.well-known/uma2-configuration');
         $content = $response->toArray();
-        return $content['resource_registration_endpoint'];
+        // horrible fix for local development, can't find another way to fix it
+        // since bitnami/keycloak:^25 returns the configured hostname instead of the requested one
+        return \preg_replace('#^https?://localhost/#', 'http://keycloak:8080/', $content['resource_registration_endpoint']);
     }
 }
diff --git a/compose.e2e.yaml b/compose.e2e.yaml
index 80fb79663..bc33df120 100644
--- a/compose.e2e.yaml
+++ b/compose.e2e.yaml
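Review bot: The `\preg_replace` on the new return line rewrites any discovered URL beginning with `https://localhost/` to plain `http://keycloak:8080/` unconditionally, so the downgrade to an unencrypted internal endpoint is not limited to local development: compose.yaml in this same commit defaults `KEYCLOAK_HOSTNAME` to `https://${SERVER_NAME:-localhost}/oidc/`, so any deployment that leaves `SERVER_NAME` unset takes this branch. The identical rewrite is duplicated in the `getResourceRegistrationEndpoint` hunk just below; it belongs in one private helper driven by an injected, normally-empty override that is only populated for the local compose setup, rather than matching on the hostname. `\preg_replace` also returns `null` on a PCRE error while both methods declare `: string`, so the helper should fall back to the original value instead of relying on the regex path. The comment names `bitnami/keycloak:^25` while the Dockerfile hunk moves to `26-debian-12`; keeping the version in the comment in step with the image keeps the reason for the workaround traceable.
```php
private function getTokenEndpoint(): string
{
    // … unchanged: discovery request and toArray() …
    return $this->applyLocalEndpointOverride($content['token_endpoint']);
}

/**
 * Applies the local-development endpoint override, if one is configured.
 *
 * $this->localEndpointOverride is a constructed placeholder for an injected
 * [from, to] prefix pair (e.g. bound from an env var); it is null outside local dev.
 */
private function applyLocalEndpointOverride(string $endpoint): string
{
    if ($this->localEndpointOverride === null) {
        return $endpoint;
    }
    [$from, $to] = $this->localEndpointOverride;

    // prefix match without a regex: nothing to return null, nothing to escape
    return \str_starts_with($endpoint, $from) ? $to.\substr($endpoint, \strlen($from)) : $endpoint;
}
```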
@@ -5,11 +5,8 @@ services:
       KEYCLOAK_HTTPS_USE_PEM: "true"
       KEYCLOAK_HTTPS_CERTIFICATE_FILE: /opt/bitnami/keycloak/certs/tls.crt
       KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE: /opt/bitnami/keycloak/certs/tls.key
+      KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\" --import-realm"
     volumes:
       - ./helm/api-platform/keycloak/certs/tls.crt:/opt/bitnami/keycloak/certs/tls.crt:ro
       - ./helm/api-platform/keycloak/certs/tls.pem:/opt/bitnami/keycloak/certs/tls.key:ro
-
-  keycloak-config-cli:
-    extends:
-      file: compose.override.yaml
-      service: keycloak-config-cli
+      - ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import
diff --git a/compose.override.yaml b/compose.override.yaml
index b073517e7..6a3db7978 100644
--- a/compose.override.yaml
+++ b/compose.override.yaml
@@ -50,17 +50,8 @@ services:
     build:
       context: ./helm/api-platform/keycloak/
       target: keycloak
-    volumes:
-      - ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
-
-  keycloak-config-cli:
-    image: bitnami/keycloak-config-cli:5-debian-12
     environment:
-      KEYCLOAK_URL: http://keycloak:8080/oidc/
-      KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
-      KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-!ChangeMe!}
-      KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
-      KEYCLOAK_AVAILABILITYCHECK_TIMEOUT: 120s
-      IMPORT_FILES_LOCATIONS: "/config/*"
+      KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\" --import-realm"
     volumes:
-      - ./helm/api-platform/keycloak/config:/config
+      - ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
+      - ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import
diff --git a/compose.yaml b/compose.yaml
index 87a8750cc..97adb7903 100644
--- a/compose.yaml
+++ b/compose.yaml
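Review bot: `--import-realm` on the new `KEYCLOAK_EXTRA_ARGS` line loads realm files only at startup and, as far as I recall the Keycloak documentation, skips a realm that already exists, whereas the removed `keycloak-config-cli` service reconciled the realm on every run; a comment above the line should state that edits under `helm/api-platform/keycloak/config` now require recreating the keycloak data volume to take effect. The same point applies to the compose.override.yaml hunk below, which carries the identical line. The escaped `--features=\"...\"` string is now repeated verbatim in compose.e2e.yaml, compose.override.yaml and compose.yaml, differing only by `--import-realm`; a single `.env`-style variable (placeholder name `${KEYCLOAK_FEATURES}`) referenced from each file would keep the three from drifting, and a short comment that the override's value intentionally replaces the one in compose.yaml would make the precedence explicit.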
@@ -83,11 +83,9 @@ services:
       KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-!ChangeMe!}
       # Must finish with a trailing slash (https://github.com/bitnami/charts/issues/10885#issuecomment-1414279144)
       KEYCLOAK_HTTP_RELATIVE_PATH: /oidc/
-      # https://www.keycloak.org/server/hostname
-      KC_HOSTNAME_URL: https://${SERVER_NAME:-localhost}/oidc/
-      KC_HOSTNAME_ADMIN_URL: https://${SERVER_NAME:-localhost}/oidc/
-      # https://www.keycloak.org/server/features
-      KC_FEATURES: "scripts"
+      KEYCLOAK_HOSTNAME: https://${SERVER_NAME:-localhost}/oidc/
+      KEYCLOAK_HOSTNAME_ADMIN: https://${SERVER_NAME:-localhost}/oidc/
+      KEYCLOAK_EXTRA_ARGS: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\""
     depends_on:
       - keycloak-database
     ports:
diff --git a/helm/api-platform/keycloak/Dockerfile b/helm/api-platform/keycloak/Dockerfile
index d5e2b08d5..bcdb365b5 100644
--- a/helm/api-platform/keycloak/Dockerfile
+++ b/helm/api-platform/keycloak/Dockerfile
@@ -4,7 +4,7 @@
 # Versions
-FROM bitnami/keycloak:24-debian-12 AS keycloak_upstream
+FROM bitnami/keycloak:26-debian-12 AS keycloak_upstream
 # The different stages of this Dockerfile are meant to be built into separate images
diff --git a/helm/api-platform/values.yaml b/helm/api-platform/values.yaml
index 229d8d8bc..9329aec9c 100644
--- a/helm/api-platform/values.yaml
+++ b/helm/api-platform/values.yaml
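Review bot: The removed `# https://www.keycloak.org/server/hostname` and `# https://www.keycloak.org/server/features` comments should be re-added above the new `KEYCLOAK_HOSTNAME` and `KEYCLOAK_EXTRA_ARGS` keys, because the `KEYCLOAK_*` names are bitnami entrypoint wrappers and the links are what tell a reader how they map onto the upstream hostname options and `--features`. `KEYCLOAK_HOSTNAME` still falls back to `https://localhost/oidc/` when `SERVER_NAME` is unset, and the PHP hunk in this commit rewrites exactly that prefix to `http://keycloak:8080/`, so an unset `SERVER_NAME` silently switches the API to a plaintext endpoint; either make `SERVER_NAME` required here or document that coupling next to the key. With the Dockerfile hunk moving to `bitnami/keycloak:26-debian-12`, `hostname:v2` is, if I recall correctly, already the default in Keycloak 26, so the explicit feature flag may be redundant — worth confirming against the 26 release notes before keeping it in three files.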
@@ -108,14 +108,16 @@ keycloak:
   service:
     type: ClusterIP
   extraEnvVars:
-    # Must set KC_HOSTNAME_URL to force https + relative path
-    - name: KC_HOSTNAME_URL
+    # Must set KEYCLOAK_HOSTNAME to force https + relative path
+    - name: KEYCLOAK_HOSTNAME
       value: "https://chart-example.local/oidc/"
-    # Must set KC_HOSTNAME_ADMIN because of relative path
-    - name: KC_HOSTNAME_ADMIN_URL
+    # Must set KEYCLOAK_HOSTNAME_ADMIN because of relative path
+    - name: KEYCLOAK_HOSTNAME_ADMIN
       value: "https://chart-example.local/oidc/"
     - name: KEYCLOAK_PRODUCTION
       value: "true"
+    - name: KEYCLOAK_EXTRA_ARGS
+      value: "--features=\"hostname:v2,scripts,persistent-user-sessions:v1\""
   # must finish with a trailing slash (https://github.com/bitnami/charts/issues/10885#issuecomment-1414279144)
   httpRelativePath: /oidc/
   proxy: edge
@@ -137,7 +139,7 @@ keycloak:
       - -jar
       - /opt/bitnami/keycloak-config-cli/keycloak-config-cli.jar
     image:
-      tag: 5-debian-12
+      tag: 6-debian-12
   postgresql:
     enabled: true
     nameOverride: postgresql-keycloak
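Review bot: The new `KEYCLOAK_EXTRA_ARGS` entry pushes startup flags through an environment variable, whereas the bitnami keycloak chart, if the deployed chart version supports `extraStartupArgs`, exposes them as a first-class value; using that would be the idiomatic place and avoids depending on the entrypoint's word-splitting of the escaped `--features=\"...\"` string. Realm provisioning now diverges between environments: this chart keeps `keycloak-config-cli` (tag bumped to `6-debian-12` in the second hunk) while the compose files in this commit switch to `--import-realm`, so the same config directory is applied by two tools with different update semantics; a comment on the `keycloakConfigCli` block stating that the Helm path still reconciles on every run, or aligning both environments on one mechanism, would prevent surprises when a realm change works locally but not in the cluster.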