Closed calh closed 1 year ago
Hi, currently I will not adapt the project to the new keycloak versions since I am currently working on another project. Once this is done I might use some time to update the source code but I cannot give any date for this at the moment.
Hi,
Indeed the EAR is not supported by Quarkus, but I was able to deploy the SPI by simple copy the file scim-for-keycloak-deployment/target/scim-for-keycloak-*/scim-for-keycloak-server.jar
into /opt/keycloak/providers
and run bin/kc.sh build
. After doing this the SPI and theme is deployed on Keycloak 18.
If you wanna use the /auth
for the API paths you have to pass --http-relative-path=/auth
during kc.sh
build command.
Hi @Captain-P-Goldfish, I am trying to use SCIM functionality for Keycloak v 18. So far, I am able to enable SCIM UI for realms other than master realm and am able to access "SCIM Service Provider Configuration"
http://localhost:8080/admin/master/console/#/realms/test/scim/service-provider/settings
However, when I tried to access "ResourceTypes" tab, it is throwing an error:
Status Code: 404
It is unable to resolve path param "name" when accessing the above URL.
Can you please guide me why this path param "name" is missing when accessing Resource Type?
@irinelbogdan92 Hi, thanks for your information. I tried to do the same thing with you. But I got following error:
ERROR: loader constraint violation: when resolving method 'org.slf4j.ILoggerFactory org.slf4j.impl.StaticLoggerBinder.getLoggerFactory()' the class loader io.quarkus.bootstrap.classloading.QuarkusClassLoader @222eb8aa of the current class, org/slf4j/LoggerFactory, and the class loader java.net.URLClassLoader @c730b35 for the method's defining class, org/slf4j/impl/StaticLoggerBinder, have different Class objects for the type org/slf4j/ILoggerFactory used in the signature (org.slf4j.LoggerFactory is in unnamed module of loader io.quarkus.bootstrap.classloading.QuarkusClassLoader @222eb8aa, parent loader io.quarkus.bootstrap.classloading.QuarkusClassLoader @791d1f8b; org.slf4j.impl.StaticLoggerBinder is in unnamed module of loader java.net.URLClassLoader @c730b35, parent loader 'app')
Could you help me how you resolved this issue?
@irinelbogdan92 Hi, thanks for your information. I tried to do the same thing with you. But I got following error:
ERROR: loader constraint violation: when resolving method 'org.slf4j.ILoggerFactory org.slf4j.impl.StaticLoggerBinder.getLoggerFactory()' the class loader io.quarkus.bootstrap.classloading.QuarkusClassLoader @222eb8aa of the current class, org/slf4j/LoggerFactory, and the class loader java.net.URLClassLoader @c730b35 for the method's defining class, org/slf4j/impl/StaticLoggerBinder, have different Class objects for the type org/slf4j/ILoggerFactory used in the signature (org.slf4j.LoggerFactory is in unnamed module of loader io.quarkus.bootstrap.classloading.QuarkusClassLoader @222eb8aa, parent loader io.quarkus.bootstrap.classloading.QuarkusClassLoader @791d1f8b; org.slf4j.impl.StaticLoggerBinder is in unnamed module of loader java.net.URLClassLoader @c730b35, parent loader 'app')
Could you help me how you resolved this issue?
Remove @Slf4j annotation from the provider factory classes (since no loggers were added in those classes) and rebuild it.
@udayskm Really thanks for your help, the issue was resolved 👍
@udayskm Really thanks for your help, the issue was resolved 👍
Are you able to create Provider Jar and deploy it in Keycloak?
@udayskm No luck on that 😭
@udayskm No luck on that 😭
Since we are not going to generate ear file, we need to use maven-assembly-plugin to generate a final jar with dependencies. By that, we can bundle all dependencies into a single jar.
@udayskm I see, that's why I encountered the class not found error message, I should bundle all of them together. Thanks again for your kindly instruction
Thanks @Captain-P-Goldfish! I placed the new JAR in my providers directory, built a new Docker image, and ran it. My first startup gave me:
liquibase.exception.ValidationFailedException: Validation Failed:
1 change sets check sum
META-INF/scim-changelog.xml::scim-sdk-1.0::pascal knueppel was: 7:54900cba59debc2ce8fe7a3a8067e8b2 but is now: 8:fc78a5690c6c0f158148d1e19cdc6f22
But I realized I still had the same database running with a previous docker storage volume. After deleting the volume and recreating a new postgres container from scratch, it did work.
If I want to move this to my production system, is there something else that needs to be done to trigger the db schema update?
@calh Are you able to enable SCIM in master realm and other realms?
@udayskm, yep! After I nuked my old database schema, it started up and I was able to create a test user & group and get:
curl localhost:8080/auth/realms/master/scim/v2/Users | jq
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"itemsPerPage": 2,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "9cd5e369-7635-456e-9183-b60ae375d9e7",
"userName": "admin",
"active": true,
"meta": {
"resourceType": "User",
"created": "2022-07-14T20:26:42.024Z",
"lastModified": "2022-07-14T20:26:42.024Z",
"location": "http://localhost:8080/auth/realms/master/scim/v2/Users/9cd5e369-7635-456e-9183-b60ae375d9e7"
}
},
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "dda754b0-9837-49e0-8f69-97d29095c118",
"userName": "test",
"active": true,
"groups": [
{
"value": "67a28ec0-e578-4ad2-8c30-2a002db81dc2",
"display": "test",
"type": "direct"
}
],
"meta": {
"resourceType": "User",
"created": "2022-07-14T20:39:40.923Z",
"lastModified": "2022-07-14T20:39:40.923Z",
"location": "http://localhost:8080/auth/realms/master/scim/v2/Users/dda754b0-9837-49e0-8f69-97d29095c118"
}
}
]
}
Thanks @Captain-P-Goldfish! I placed the new JAR in my providers directory, built a new Docker image, and ran it. My first startup gave me:
liquibase.exception.ValidationFailedException: Validation Failed: 1 change sets check sum META-INF/scim-changelog.xml::scim-sdk-1.0::pascal knueppel was: 7:54900cba59debc2ce8fe7a3a8067e8b2 but is now: 8:fc78a5690c6c0f158148d1e19cdc6f22
But I realized I still had the same database running with a previous docker storage volume. After deleting the volume and recreating a new postgres container from scratch, it did work.
If I want to move this to my production system, is there something else that needs to be done to trigger the db schema update?
There are no changes on the liquibase files so I can only assume that this has to do with the classpath that is entered into the database when liquibase creates its checksums. It should be possible to fix it by executing the following sql-query:
update keycloak.DATABASECHANGELOG_SCIM_JPA_E set MD5SUM=null;
I started fresh to see if I could recreate the same problem, and it didn't happen again.
I must have messed up my change logs from installing various things in the past.
this is a migration problem when switching from 16 or before to 18. This might have happened because the deployment was changed from ear to jar. So this problem would only occur if the scim-for-keycloak deployment was already present in a keycloak of version 16 or before and if you add it then to keycloak 18 the problem should be recreated.
Hi,
Do you have any plans to support the new Keycloak Quarkus deployments, after version 17.0.0? From what I've been reading, there aren't that many changes other than the removal of Wildfly. And the deploy process is slightly different.
I'm playing around with Keycloak 18.0.0, and copied the scim-for-keycloak EAR file as a JAR file into the
providers
directory, but the scim theme wasn't loaded. I manually copied the scim theme into thethemes
directory, but the SCIM admin link is not present in the UI. If I try to manually hit/admin/master/console/#/realms/master/scim/service-provider/settings
I get an HTTP 404 from/realms/master/scim/admin/serviceProviderConfig
I also tested with
KC_HTTP_RELATIVE_PATH=/auth
for backwards compatibility with the paths, but the same thing happened.Any suggestions for me?
Thanks!