upgrade keycloak to v20 (#897)

tcnichol · web-flow · commit fd7ee00080b3 · 2024-02-01T13:20:35.000-06:00
* keycloak in dev now v20

* tested - dev realm json works has openid

* adding openid to realm.json for kubernetes deployments
diff --git a/deployments/kubernetes/charts/clowder2/files/realm.json b/deployments/kubernetes/charts/clowder2/files/realm.json
@@ -197,7 +197,8 @@
         "acr",
         "roles",
         "profile",
-        "email"
+        "email",
+        "openid"
       ],
       "optionalClientScopes": [
         "address",
@@ -472,6 +473,18 @@
         }
       ]
     },
+    {
+      "id": "27b15f8c-ea65-4288-bfd5-bd88eb1d05cf",
+      "name": "openid",
+      "description": "",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "gui.order": "",
+        "consent.screen.text": ""
+      }
+    },
     {
       "id": "9489cfcc-4415-4d08-a792-988d995a3edb",
       "name": "web-origins",
@@ -942,7 +955,8 @@
     "email",
     "roles",
     "web-origins",
-    "acr"
+    "acr",
+    "openid"
   ],
   "defaultOptionalClientScopes": [
     "offline_access",
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -75,7 +75,7 @@ services:
         POSTGRES_PASSWORD: password
 
   keycloak:
-      image: quay.io/keycloak/keycloak:19.0
+      image: quay.io/keycloak/keycloak:20.0
       volumes:
         - ./scripts/keycloak/clowder-realm-dev.json:/opt/keycloak/data/import/realm.json:ro
         - ./scripts/keycloak/clowder-theme/:/opt/keycloak/themes/clowder-theme/:ro
diff --git a/scripts/keycloak/clowder-realm-dev.json b/scripts/keycloak/clowder-realm-dev.json
@@ -332,7 +332,8 @@
         "web-origins",
         "roles",
         "profile",
-        "email"
+        "email",
+        "openid"
       ],
       "optionalClientScopes": [
         "address",
@@ -506,6 +507,18 @@
         }
       ]
     },
+    {
+      "id": "27b15f8c-ea65-4288-bfd5-bd88eb1d05cf",
+      "name": "openid",
+      "description": "",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "gui.order": "",
+        "consent.screen.text": ""
+      }
+    },
     {
       "id": "aeeafc25-f5bc-4f8d-88c5-0b4150415d50",
       "name": "roles",
@@ -931,7 +944,8 @@
     "profile",
     "email",
     "roles",
-    "web-origins"
+    "web-origins",
+    "openid"
   ],
   "defaultOptionalClientScopes": [
     "offline_access",
diff --git a/scripts/keycloak/clowder-realm-prod.json b/scripts/keycloak/clowder-realm-prod.json
@@ -610,7 +610,8 @@
         "web-origins",
         "roles",
         "profile",
-        "email"
+        "email",
+        "openid"
       ],
       "optionalClientScopes": [
         "address",
@@ -807,6 +808,18 @@
         }
       ]
     },
+    {
+      "id": "27b15f8c-ea65-4288-bfd5-bd88eb1d05cf",
+      "name": "openid",
+      "description": "",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "gui.order": "",
+        "consent.screen.text": ""
+      }
+    },
     {
       "id": "aeeafc25-f5bc-4f8d-88c5-0b4150415d50",
       "name": "roles",
@@ -1234,7 +1247,8 @@
     "email",
     "roles",
     "web-origins",
-    "acr"
+    "acr",
+    "openid"
   ],
   "defaultOptionalClientScopes": [
     "offline_access",
diff --git a/scripts/keycloak/full-kube-clowder-realm-prod.json b/scripts/keycloak/full-kube-clowder-realm-prod.json
@@ -316,7 +316,8 @@
         "web-origins",
         "roles",
         "profile",
-        "email"
+        "email",
+        "openid"
       ],
       "optionalClientScopes": [
         "address",
@@ -472,6 +473,18 @@
         }
       ]
     },
+    {
+      "id": "27b15f8c-ea65-4288-bfd5-bd88eb1d05cf",
+      "name": "openid",
+      "description": "",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true",
+        "display.on.consent.screen": "true",
+        "gui.order": "",
+        "consent.screen.text": ""
+      }
+    },
     {
       "id": "9489cfcc-4415-4d08-a792-988d995a3edb",
       "name": "web-origins",
@@ -942,7 +955,8 @@
     "email",
     "roles",
     "web-origins",
-    "acr"
+    "acr",
+    "openid"
   ],
   "defaultOptionalClientScopes": [
     "offline_access",
diff --git a/scripts/keycloak/mini-clowder-realm-dev.json b/scripts/keycloak/mini-clowder-realm-dev.json
@@ -61,7 +61,8 @@
         "web-origins",
         "roles",
         "profile",
-        "email"
+        "email",
+        "openid"
       ],
       "optionalClientScopes": [
         "address",
diff --git a/scripts/keycloak/mini-clowder-realm-prod.json b/scripts/keycloak/mini-clowder-realm-prod.json
@@ -63,7 +63,8 @@
         "web-origins",
         "roles",
         "profile",
-        "email"
+        "email",
+        "openid"
       ],
       "optionalClientScopes": [
         "address",
diff --git a/scripts/keycloak/mini-kube-clowder-realm-prod.json b/scripts/keycloak/mini-kube-clowder-realm-prod.json
@@ -36,7 +36,8 @@
         "web-origins",
         "roles",
         "profile",
-        "email"
+        "email",
+        "openid"
       ],
       "optionalClientScopes": [
         "address",
