An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
Update to SPIs
The keycloak SPIs have been merged into a single SPI to reduce duplicate dependencies between SPIs and bring them under one umbrella. The artifact that bundles them all is called kc-jans-spi, with the binaries being built here: https://jenkins.jans.io/maven/io/jans/kc-jans-spi/1.1.3-SNAPSHOT/
Remove reference to the following SPIs:
kc-jans-authn-plugin
kc-jans-storage-plugin
Instead of copying their files to /opt/keycloak/providers, copy the files for kc-jans-spi to the same directory.
Quarkus properties file for CDI
A quarkus properties file has been added in jans-linux-setup/jans_setup/templates/jans_saml/quarkus.properties. During setup, copy said file to /opt/keycloak/conf/
Changes to service file
Changes have been made to kc.service, specifically the startup command ExecStart. All its parameters have been removed and moved to jans-linux-setup/jans_setup/templates/jans-saml/keycloak.conf
Make sure the file is properly rendered with the correct parameters.
In addition, make sure the parameter jansBaseFolder is available when the kc.service service template is being rendered.
This contains the base configuration folder for jans (/etc/jans) usually.
Remove reference to Jans SCIM Client
There was a requirement to create a SCIM client called Jans SCIM Client for SAML. We will have to remove it as it is no longer necessary.
Switch keycloak from dev to production.
In kc.service, the start argument is start-dev, but ought to be start so we run in production mode. This requires a switch from the H2 file database used by keycloak to a production database. This may require further discussion, but I think it can be done already for postgresql. Supported databases by keycloak can be found here: https://www.keycloak.org/server/db.
But when the database we use to install is postgresql, for now, let's do the following:
In the kc.service file, in the startup command, switch from start-dev to start.
Create a postgresql user called keycloak and a database of the same name.
Add the above to the parameters to render the file keycloak.conf (check the db, db-username, db-password and db-url in the same file). The db-url should be of the format jdbc:postgresql://<server>:<port>/<db-name>
In addition, during startup, it's important to run /opt/keycloak/bin/kc.sh build before starting the keycloak service.
Completes issue #8614. Completes issue #7399.
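One way to check that keycloak.conf was "properly rendered with the correct parameters" before switching to start, shown as an added example that is not part of the original issue or the Janssen code base. It assumes unrendered values show up as leftover `%(name)s` or `<name>` tokens; the function names and sample files are constructed for illustration.

```python
import re

# Keys the issue asks to check in the rendered keycloak.conf.
REQUIRED_DB_KEYS = ("db", "db-username", "db-password", "db-url")
# db-url format from the issue: jdbc:postgresql://<server>:<port>/<db-name>
JDBC_URL = re.compile(r"jdbc:postgresql://([A-Za-z0-9.-]+):(\d{1,5})/([A-Za-z0-9_-]+)")
# Assumption: leftover "%(name)s" or "<name>" tokens mean a value was not rendered.
UNRENDERED = re.compile(r"%\([^)]*\)s|<[^>]+>")

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def check_keycloak_conf(text):
    """Return a list of problems found in the db settings of a rendered keycloak.conf."""
    conf = parse_conf(text)
    problems = [f"{k}: missing or empty" for k in REQUIRED_DB_KEYS if not conf.get(k)]
    problems += [f"{k}: unrendered placeholder" for k, v in conf.items() if UNRENDERED.search(v)]
    url = conf.get("db-url", "")
    if url and not UNRENDERED.search(url):
        m = JDBC_URL.fullmatch(url)
        if m is None:
            problems.append("db-url: not jdbc:postgresql://<server>:<port>/<db-name>")
        elif not 1 <= int(m.group(2)) <= 65535:
            problems.append("db-url: port out of range")
    return problems

# Constructed sample inputs (not taken from the Janssen repository).
GOOD = """\
db=postgres
db-username=keycloak
db-password=constructed-sample-value
db-url=jdbc:postgresql://localhost:5432/keycloak
"""
BAD = """\
db=postgres
db-username=%(hypothetical_user)s
db-password=
db-url=jdbc:postgresql://localhost/keycloak
"""

if __name__ == "__main__":
    for problem in check_keycloak_conf(BAD):
        print(problem)
```

Since the rendered file holds db-password in clear text, the same setup step is a natural place to restrict its permissions to the account that runs Keycloak.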