Replies: 18 comments 91 replies
-
|
I am unsure about the timeline of this blog post: Does that mean that you plan to release Keycloak 17 in December 2021? |
Beta Was this translation helpful? Give feedback.
-
|
Is it somehow possible to start Keycloak-X / the Quarkus distribution in Quarkus Dev-Mode with hot code replacement and attachable debugger? And this not only in a local distribution, but also in a Docker container? We can use such an option with the Wildfly distro when developing SPIs and providers and this is very useful and valuable. How can we achive this with Quarkus based Keycloak-X running in Docker? |
Beta Was this translation helpful? Give feedback.
-
|
I'm sorry if this is an obvious question but is there a Docker image for Quarkus (I see on the downloads page a specific Following on from this, is there also an operator to have quarkus running in Kubernetes? Thank you for all of your work. |
Beta Was this translation helpful? Give feedback.
-
|
Will there be something similar like the |
Beta Was this translation helpful? Give feedback.
-
|
Sorry, but I can't see the awesomeness of Keycloak.X yet. I'm struggling for over 2 hours now to get it up and running with some basic config changes (bare metal, Windows). But I cannot even get to the admin console. After starting the server with the custom profile, opening https://idp.mydomain.local:8943/auth/ I get the welcome page, but the link to the admin console points to https://idp.mydomain.local/auth/admin/ |
Beta Was this translation helpful? Give feedback.
-
|
Configuration of custom JDBC driver is broken (leads to Azure SQL cannot be used as database) In previous versions of keycloak.x it was possible to configure the JDBC driver by settings the environment variable KC_DB_DRIVER . With keycloak.x 15.1.0 this does no longer work - the database driver is now set based on the db settings to a hard coded driver class. I added a unit test to show the behaviour to ConfigurationTest.java. Has this been changed intentionally or is this a bug? |
Beta Was this translation helpful? Give feedback.
-
Better CLI help
vs. It is often unclear which option is a build-time option and needs a "config rebuild" and
Default context-path / relative-path settingThe Wildfly based Keycloak has been using the Perhaps Keycloak.X could ship with a Ability to restrict access to admin and management endpointsIn Wildfly based Keycloak it was possible to expose the admin console or management endpoints via dedicated ports, and Auto-build featureThe auto-build feature works quite well and should IMHO be the default for container based Keycloak deployments. Ability to add additional JVM options to docker containerAs discussed above, users might want to supply additional JVM options to the Keycloak container - as is currently possible with the Ability to run an embedded Keycloak.X within Keycloak extension moduleIt would be helpful, if we could develop and test custom extensions in an embedded quarkus runtime. The IDELauncher from the quarkus/server module already provides initial support for this, but needs some tweaking to correctly discover extension classes and themes on the classpath. This would help to speed up Keycloak theme and extension development. |
Beta Was this translation helpful? Give feedback.
-
|
Docker/Container Image - Environment variables Would be good if the Docker/Container image could support all env vars that the Wildlfy-based image supports. And if it uses the same names for them (not |
Beta Was this translation helpful? Give feedback.
-
|
On "Better CLI help" Thanks for the clarification when the Regarding the On "--option=value or just --option value" It's nice that the cli parsing is that flexible but this might cause some confusion. On "--verbose" I really missed that |
Beta Was this translation helpful? Give feedback.
-
|
On "Ability to restrict access to admin and management endpoints" Yes the PR for KEYCLOAK-15773 Enable admin endpoints and admin-console via Feature flags is still on my mind, but I need to follow up the discussion on that. |
Beta Was this translation helpful? Give feedback.
-
|
On the "Default context-path / relative-path setting" As stated above, having the "old" |
Beta Was this translation helpful? Give feedback.
-
|
Hi I'm aware that migrating from I tried to upgrade my It's noteworthy to mention that the DB location moved from Once this has been figured out, I tried at first to launch Finally I resolved this by explicitly setting an empty db-username and password, but I had to specify them using the environment variables Is there any default username/password for the H2 database now ? |
Beta Was this translation helpful? Give feedback.
-
|
I also tried to export and import keycloak's data before I solved my previous issue. I had no issue exporting the data from Trying to export data from a brand new |
Beta Was this translation helpful? Give feedback.
-
|
@pedroigor @DGuhr I did some testing of quarkus distribution. Maybe some points were already repeated from other people. In case you can consider the feedback from me as "another vote to improve this" :-) I focused especially on the usability and on the idea when you won't need documentation when you use
This is fine for most of java developers, but someone not familiar with Java might be a bit lost with such message and will need to google to figure what's going on. Maybe it is better to use something more user-friendly like simple message: "Your Java version is too old. Please use Java 11 or newer. See command 'java -version' to figure what is your Java version".
but I see the error related to the JDBC driver. At this point, it may not be 100% clear to me what I should do to enable JDBC driver. I personally know that it requires re-augmentation, but IMO it may not be clear enough for the average admin. Maybe some better overview of this can be mentioned in the DATABASE section of the
which does not imply to me that I need this to configure the DB. The TBH I am not sure about perfect name either, but I just consider
The output is error message (referred later as So I tried to build with dev profile and run the command: But seeing another error: This is likely only bug in the error message But seeing another error: So it seems I cannot use profile "dev" with any of
works as expected and I can run server. Then I stopped the server and I run this: but seeing error message like: which is different error message in comparison to the use of and server is successfully started. Console even shows: However this is not very great as server was in fact started with the I suppose this is because
Now I used this command to build the Then I decided to go with the other profile: and it failed to start due the expected strict hostname resolution. Hence I decided to revert to the working but seeing the error about strict hostname resolution even if I understand this is due the fact that "persisted" properties take preference over the properties from the configuration file. But not sure the order of preference is clear for typical admin (again).
This will be nice, but not sure if realistic to do and if it is too much overhead for the server to support multiple augmented profiles? Just an idea... Another idea: When I use |
Beta Was this translation helpful? Give feedback.
-
|
I try to configure Keycloak X according to the following requirements:
It's extremely simple to achieve all the requirements using auto-build (see appendix), but it almost doubles startup time of a container. So, I'd like to make it works using custom Docker image with a prebuilt Keycloak X. And this is where the problems begin. Overriding of persisted db.usernameInside a Dockerfile, I run the command Configuring Vault as a credentials provider for datasourceTo configure Vault as a credentials provider for datasource, I try to use external All this properties are overridable at runtime according to Quarkus documentation. Therefore, I suppose they are allowed to be specified after the Appendix: successful configuration with auto-buildRelevant part of Vault's AppRole secret id can be specified using |
Beta Was this translation helpful? Give feedback.
-
|
hello everyone. i have a problem with deployment KeycloakX 16.1.0 image to Kubernetes (Ingress NGINX - Service - KX Pods) The problem is infinity redirections (with login & password correct) on realm after press login button. In version 14 we solve this by adding flag --http.proxy-address-forwarding=true on run Keycloak in pod. Now in 16th a lot of changes come to distribution configuration and we saw error: Unknown option: '--http.proxy-address-forwarding=true' I have been tried start --auto-build --hostname-strict=false --hostname-strict-https=false --http-enabled=true --proxy=edge --db=postgres options but they don't solve problem Also tried setup ingress with option: Does not help ether. Url to keycloak: https://somesubdomaun.subdomain.domain.com But if i will do just port forwarding from pod to locahost with --hostname=localhost parameter set than everything working without issue So what can be analog of parameter --http.proxy-address-forwarding=true for KeycloakX 16.1.0 image? How make it working correctly after ingress controller in k8s? |
Beta Was this translation helpful? Give feedback.
-
|
Hello, But I have this error at startup : It is trying to load a Wildfly class... is this supported ? If not, is it in the roadmap ? |
Beta Was this translation helpful? Give feedback.
-
|
As this thread is becoming very long we have added a new category specifically for the Quarkus distribution: This thread will now be locked, so please open new discussions in the above category. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Update 8 Feb
As this thread is becoming very long we have added a new category specifically for the Quarkus distribution:
https://github.com/keycloak/keycloak/discussions/categories/keycloak-x-quarkus-distribution
This thread will now be locked, so please open new discussions in the above category.
Keycloak 15.1.0 came with a lot of improvements to the Quarkus distribution. We are rapidly moving towards this being the default distribution, and will most likely deprecated the WildFly distribution in Keycloak 17.0.
We would love to make the Quarkus distribution as good as it possible can be, and make the migration as simple as possible to everyone. So, please try out the Quarkus distribution and provide us with feedback.
We are particularly interested in feedback on areas like:
Beta Was this translation helpful? Give feedback.
All reactions