Update to Keycloak 26 / Quarkus 3.18.1 / Release AP 4.1.5

CHANGELOG.md

@@ -3,43 +3,39 @@
 For documentation on how to update this changelog,
 please see [changelog_updates.md](docs/dev/changelog_updates.md).
 
-## Unreleased - YYYY-MM-DD
+## [v4.1.5] - 2025-01-31
 
 ### Overview
 
-### Detailed Changes
-
-#### Major
+Keycloak 26 compatibility update
 
-#### Minor
+### Detailed Changes
 
 #### Patch
 
+- Updated backend framework for Keycloak 26 compatibility
+
 ### Known issues
 
 ### Deployment Migration Notes
 
+- To maintain compatibility, update **Keycloak** to version **26.0.7** and **oauth2-proxy** to **7.7.1**
+  - If you encounter issues keeping the user session alive, configure your auth proxy to either no longer require a nonce in the access token or add the legacy nonce mapper to your oauth-proxy client. Consult the Keycloak documentation for more information.
+
 #### Compatible Versions
 
-- Authority Portal Backend Docker Image: `ghcr.io/sovity/authority-portal-backend:{{ version }}`
-- Authority Portal Frontend Docker Image: `ghcr.io/sovity/authority-portal-frontend:{{ version }}`
-- Catalog Crawler CE: `ghcr.io/sovity/authority-portal-crawler:{{ version }}`
-- Sovity EDC CE: {{ CE Release Link }}
+- Authority Portal Backend Docker Image: `ghcr.io/sovity/authority-portal-ee-backend:4.1.5`
+- Authority Portal Frontend Docker Image: `ghcr.io/sovity/authority-portal-ee-frontend:4.1.5`
+- Catalog Crawler CE: `ghcr.io/sovity/authority-portal-ee-crawler:4.1.5`
+- sovity EDC CE: [`v10.5.0`](https://github.com/sovity/edc-ce/releases/tag/v10.5.0)
+- Keycloak: 26.0.7
 
 ## [v4.1.4] - 2024-12-13
 
 ### Overview
 
 ### Detailed Changes
 
-#### Major
-
-#### Minor
-
-#### Patch
-
-### Known issues
-
 ### Deployment Migration Notes
 
 - Deploy a Catalog Crawler with version `10.5.0`. Previous versions are not compatible with this release.

authority-portal-backend/authority-portal-quarkus/build.gradle.kts

@@ -33,20 +33,20 @@ dependencies {
     implementation("io.quarkus:quarkus-logging-json")
     implementation("io.quarkus:quarkus-opentelemetry")
     implementation("io.quarkus:quarkus-micrometer")
-    implementation("io.quarkus:quarkus-resteasy-reactive")
-    implementation("io.quarkus:quarkus-resteasy-reactive-jackson")
+    implementation("io.quarkus:quarkus-rest")
+    implementation("io.quarkus:quarkus-rest-jackson")
     implementation("io.quarkus:quarkus-smallrye-context-propagation")
     implementation("io.quarkus:quarkus-smallrye-openapi")
     implementation("io.quarkus:quarkus-smallrye-health")
-    implementation("io.quarkus:quarkus-oidc-client-reactive-filter")
+    implementation("io.quarkus:quarkus-rest-client-oidc-filter")
     implementation("io.quarkus:quarkus-hibernate-validator")
-    implementation("io.quarkus:quarkus-resteasy-reactive-jackson")
+    implementation("io.quarkus:quarkus-rest-jackson")
+    implementation("io.quarkus:quarkus-keycloak-admin-rest-client")
     implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
     implementation("io.opentelemetry.instrumentation:opentelemetry-jdbc")
     implementation("org.bouncycastle:bcprov-jdk18on:1.77")
     implementation("org.bouncycastle:bcpkix-jdk18on:1.77")
     implementation("com.opencsv:opencsv:5.9")
-    implementation(libs.quarkus.keycloakAdminClientReactive)
     implementation(libs.quarkus.jooq)
     implementation(libs.commons.lang3)
     implementation(project(":authority-portal-api"))

authority-portal-backend/authority-portal-quarkus/src/main/resources/application.properties

@@ -27,7 +27,7 @@ quarkus.oidc.enabled=true
 %dev.quarkus.keycloak.devservices.enabled=true
 %dev.quarkus.keycloak.devservices.port=8081
 %dev.quarkus.keycloak.devservices.realm-path=realm.dev.json
-%dev.quarkus.keycloak.devservices.image-name=quay.io/keycloak/keycloak:24.0.4
+%dev.quarkus.keycloak.devservices.image-name=quay.io/keycloak/keycloak:26.0.7
 
 %dev.quarkus.keycloak.admin-client.server-url=http://localhost:8081
 %dev.quarkus.keycloak.admin-client.realm=mds-portal

authority-portal-backend/gradle/libs.versions.toml

@@ -5,8 +5,7 @@ npmVersion = "8.15.0"
 
 sovity-edcCe = "10.5.0"
 
-quarkus = "3.9.2"
-quarkus-keycloakAdminClientReactive = "3.6.6"
+quarkus = "3.18.1"
 quarkus-jooq = "2.0.0"
 
 jakarta-servletApi = "5.0.0"
@@ -31,7 +30,6 @@ commons-lang = "3.14.0"
 sovity-edc-wrapperCommonApi = { module = "de.sovity.edc:wrapper-common-api", version.ref = "sovity-edcCe" }
 
 quarkus-universeBom = { module = "io.quarkus.platform:quarkus-bom", version.ref = "quarkus" }
-quarkus-keycloakAdminClientReactive = { module = "io.quarkus:quarkus-keycloak-admin-client-reactive", version.ref = "quarkus-keycloakAdminClientReactive" }
 quarkus-jooq = { module = "io.quarkiverse.jooq:quarkus-jooq", version.ref = "quarkus-jooq" }
 
 jakarta-servletApi = { module = "jakarta.servlet:jakarta.servlet-api", version.ref = "jakarta-servletApi" }

authority-portal-keycloak/mds-theme/login/login-config-totp.ftl

@@ -51,20 +51,21 @@
 
         <form action="${url.loginAction}" class="${properties.kcFormClass!} formContainer" id="kc-totp-settings-form" method="post">
             <div class="${properties.kcFormGroupClass!}">
-                <div class="${properties.kcInputWrapperClass!}">
-                    <label for="totp" class="control-label">${msg("authenticatorCode")}</label> <span class="required">*</span>
+                <div class="form-group-row ${properties.kcInputWrapperClass!}">
+                    <label for="totp" class="control-label">${msg("authenticatorCode")}</label> 
+                    <span class="required">*</span>
                 </div>
                 <div class="${properties.kcInputWrapperClass!}">
                     <input type="text" id="totp" name="totp" autocomplete="off" class="${properties.kcInputClass!}"
                            aria-invalid="<#if messagesPerField.existsError('totp')>true</#if>"
                     />
 
                     <#if messagesPerField.existsError('totp')>
-                        <span id="input-error-otp-code" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                            ${kcSanitize(messagesPerField.get('totp'))?no_esc}
-                        </span>
+                            <span id="input-error-otp-code" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                ${kcSanitize(messagesPerField.get('totp'))?no_esc}
+                            </span>
                     </#if>
-
+                    
                 </div>
                 <input type="hidden" id="totpSecret" name="totpSecret" value="${totp.totpSecret}" />
                 <#if mode??><input type="hidden" id="mode" name="mode" value="${mode}"/></#if>

authority-portal-keycloak/mds-theme/login/login-update-password.ftl

@@ -0,0 +1,54 @@
+<#import "template.ftl" as layout>
+<#import "password-commons.ftl" as passwordCommons>
+<@layout.registrationLayout displayMessage=!messagesPerField.existsError('password','password-confirm'); section>
+    <#if section = "header">
+        ${msg("updatePasswordTitle")}
+    <#elseif section = "form">
+        <form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
+            <div class="${properties.kcFormGroupClass!}">
+                <input type="password" id="password-new" name="password-new" class="text-input"
+                       autofocus autocomplete="new-password" placeholder="New Password"
+                       aria-invalid="<#if messagesPerField.existsError('password','password-confirm')>true</#if>"
+                />
+            </div>
+
+            <#if messagesPerField.existsError('password')>
+                <span id="input-error-password" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                            ${kcSanitize(messagesPerField.get('password'))?no_esc}
+                        </span>
+            </#if>
+
+            <div class="${properties.kcFormGroupClass!}">
+                <input type="password" id="password-confirm" name="password-confirm"
+                       class="text-input"
+                       autocomplete="new-password" placeholder="Confirm Password"
+                       aria-invalid="<#if messagesPerField.existsError('password-confirm')>true</#if>"
+                />
+            </div>
+
+            <#if messagesPerField.existsError('password-confirm')>
+                <span id="input-error-password-confirm" class="${properties.kcInputErrorMessageClass!}"
+                      aria-live="polite">
+                            ${kcSanitize(messagesPerField.get('password-confirm'))?no_esc}
+                        </span>
+            </#if>
+
+            <div class="${properties.kcFormGroupClass!}">
+                <@passwordCommons.logoutOtherSessions/>
+
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                    <#if isAppInitiatedAction??>
+                        <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!} ${properties.kcButtonBlockClass!}"
+                               type="submit" value="${msg("doSubmit")}"/>
+                        <button
+                        class="${properties.kcButtonClass!} ${properties.kcButtonCancelClass!} ${properties.kcButtonLargeClass!} ${properties.kcButtonBlockClass!}"
+                        type="submit" name="cancel-aia" value="true" />${msg("doCancel")}</button>
+                    <#else>
+                        <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!} ${properties.kcButtonFullWidthClass!}"
+                               type="submit" value="${msg("doSubmit")}"/>
+                    </#if>
+                </div>
+            </div>
+        </form>
+    </#if>
+</@layout.registrationLayout>