Skip to content

Updating Keycloak

Requirements

  • internet access for downloading the zip file from the SEAL Systems delivery platform

Updating from version 1.0.1

Hint - internal data structure changes

Due to Keycloak internal data structure changes you have to export the configuration before updating, then remove the existing configuration and reimport the exported configuration afterwards.

  1. In a browser, log on to the SEAL Systems delivery platform with your logon data:

    https://delivery.sealsystems.de

    Hint - logon data

    You receive the logon data from your Technical Project Manager at SEAL Systems.

  2. Download the Keycloak - 15.0.0.18 - rpm folder. It is saved as Keycloak - 15.0.0.18 - rpm.zip.

  3. Export the Keycloak configuration:

    For details on the exporting, see Keycloak documentation.

  4. Stop the service:

    sudo systemctl stop seal-keycloak

  5. Remove the content of the /opt/seal/data/seal-keycloak directory:

    sudo rm /opt/seal/data/seal-keycloak/*

  6. Change to the download directory and start installing the package:

    install.sh

  7. In the /opt/seal/data/seal-keycloak/configuration/standalone.xml file, remove all lines referring to SmallRye modules, particularly the following lines:

    <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
<extension module="org.wildfly.extension.microprofile.health-smallrye"/>
<extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>

<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>

    For details on the migration, see Keycloak upgrading guide.

  8. Import the previously exported Keycloak configuration:

    For details on the importing, see Keycloak documentation.

  9. Start the service:

    sudo systemctl start seal-keycloak

Updating from Previous Versions

  1. In a browser, log on to the SEAL Systems delivery platform with your logon data:

    https://delivery.sealsystems.de

    Hint - logon data

    You receive the logon data from your Technical Project Manager at SEAL Systems.

  2. Download the Keycloak - 15.0.0.18 - rpm folder. It is saved as Keycloak - 15.0.0.18 - rpm.zip.

  3. Change to the download directory and start installing the package:

    install.sh

  4. In the /opt/seal/data/seal-keycloak/configuration/standalone.xml file, remove all lines referring to SmallRye modules, particularly the following lines:

    <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
<extension module="org.wildfly.extension.microprofile.health-smallrye"/>
<extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>

<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>

    For details on the migration, see Keycloak upgrading guide.

  5. Start the service:

    sudo systemctl start seal-keycloak

Changes

The client configuration has been changed. The previous configuration has been enhanced by two new clients for easyPRIMA and PLOSSYS CLI.

Both clients are preconfigered identically:

  • Password Flow ist activated.

  • Code Flow has been set, too, in order to prevent a later reconfiguration.

  • The client-secret is active.

You can get a token by making test calls like the following.

  • easyPRIMA:

    curl -d "client_id=seal-easyprima" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "http://%HOSTNAME%:32768/auth/realms/SEAL/protocol/openid-connect/token" -v

  • SEAL OP-CLI:

    curl -d "client_id=seal-opcli" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "http://%HOSTNAME%:32768/auth/realms/SEAL/protocol/openid-connect/token" -v

  • PLOSSYS CLI:

    curl -d "client_id=seal-plossyscli" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "http://%HOSTNAME%:32768/auth/realms/SEAL/protocol/openid-connect/token" -v

Hint - add new clients manually

You have to add new clients manually to prevent the existing configuration from being destroyed. If you are allowed to overwrite the existing configuration, see instructions below.

Overwriting the Existing Configuration

If you want to overwrite the existing configuration, proceed as follows.

  1. Stop Keycloak:

    systemctl stop seal-keycloak

  2. Remove the currently used package:

    rpm -e seal-keycloak

  3. Remove the following directory manually:

    sudo rm -rf /opt/seal/data/seal-keycloak

  4. Install the new package:

    rpm -ivh seal-keycloak-4.5.0-60.x86_64.rpm

  5. Start Keycloak:

    systemctl start seal-keycloak

Back to top