libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Upgrade to Infinispan 14.0.26.Final

Browse source 
Closes #27871

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Ryan Emerson 2024-03-13 17:24:20 +00:00 committed by GitHub
parent 3989cb5e90
commit a32808e8eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 8 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
docs/guides/high-availability/connect-keycloak-to-external-infinispan.adoc
View file

@ -23,10 +23,9 @@ This topic describes advanced {jdgserver_name} configurations for {project_name}
include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore] include::examples/src/kcb-infinispan-cache-remote-store-config.xml[tag=keycloak-ispn-remotestore]
---- ----
<1> New tag `<persistence />` to connect it to the remote store. <1> New tag `<persistence />` to connect it to the remote store.
<2> This is a workaround for issue https://github.com/keycloak/keycloak/issues/27117[keycloak#27117] and will be removed in the following versions. <2> For the address to the remote store, reference two environment variables for host name and port number.
<3> For the address to the remote store, reference two environment variables for host name and port number. <3> For authentication, reference two environment variables for username and password.
<4> For authentication, reference two environment variables for username and password. <4> To secure the remote store connection, use the Kubernetes mechanisms of the pre-configured truststore.
<5> To secure the remote store connection, use the Kubernetes mechanisms of the pre-configured truststore.
.. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml`, which is part of the {project_name} distribution. .. Prepare an {jdgserver_name} Cache configuration XML from the file `cache-ispn.xml`, which is part of the {project_name} distribution.
For each `replicated-cache` entry, add the tag `<persistence />` as shown below. For each `replicated-cache` entry, add the tag `<persistence />` as shown below.

3
docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
View file

@ -111,9 +111,6 @@ data:
raw-values="true" raw-values="true"
shared="true" shared="true"
segmented="false"> segmented="false">
<!-- This is a workaround for the following issue https://github.com/keycloak/keycloak/issues/27117 and should be removed when the issue is fixed -->
<write-behind modification-queue-size="1024"/>
<!-- End of the workaround -->
<remote-server host="${env.KC_REMOTE_STORE_HOST}" <remote-server host="${env.KC_REMOTE_STORE_HOST}"
port="${env.KC_REMOTE_STORE_PORT}"/> <!--2--> port="${env.KC_REMOTE_STORE_PORT}"/> <!--2-->
<connection-pool max-active="16" <connection-pool max-active="16"

9
docs/guides/high-availability/examples/src/kcb-infinispan-cache-remote-store-config.xml
View file

@ -53,23 +53,20 @@
raw-values="true" raw-values="true"
shared="true" shared="true"
segmented="false"> segmented="false">
<!-- This is a workaround for the following issue https://github.com/keycloak/keycloak/issues/27117 and should be removed when the issue is fixed -->
<write-behind modification-queue-size="1024"/> <!--2-->
<!-- End of the workaround -->
<remote-server host="${env.KC_REMOTE_STORE_HOST}" <remote-server host="${env.KC_REMOTE_STORE_HOST}"
port="${env.KC_REMOTE_STORE_PORT}"/> <!--3--> port="${env.KC_REMOTE_STORE_PORT}"/> <!--2-->
<connection-pool max-active="16" <connection-pool max-active="16"
exhausted-action="CREATE_NEW"/> exhausted-action="CREATE_NEW"/>
<security> <security>
<authentication server-name="infinispan"> <authentication server-name="infinispan">
<digest username="${env.KC_REMOTE_STORE_USERNAME}" <digest username="${env.KC_REMOTE_STORE_USERNAME}"
password="${env.KC_REMOTE_STORE_PASSWORD}" password="${env.KC_REMOTE_STORE_PASSWORD}"
realm="default"/> <!--4--> realm="default"/> <!--3-->
</authentication> </authentication>
<encryption protocol="TLSv1.3" <encryption protocol="TLSv1.3"
sni-hostname="${env.KC_REMOTE_STORE_HOST}"> sni-hostname="${env.KC_REMOTE_STORE_HOST}">
<truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
type="pem"/> <!--5--> type="pem"/> <!--4-->
</encryption> </encryption>
</security> </security>
</remote-store> </remote-store>

2
pom.xml
View file

@ -97,7 +97,7 @@
<h2.version>2.2.224</h2.version> <h2.version>2.2.224</h2.version>
<hibernate-orm.plugin.version>6.2.13.Final</hibernate-orm.plugin.version> <hibernate-orm.plugin.version>6.2.13.Final</hibernate-orm.plugin.version>
<hibernate.c3p0.version>6.2.13.Final</hibernate.c3p0.version> <hibernate.c3p0.version>6.2.13.Final</hibernate.c3p0.version>
<infinispan.version>14.0.25.Final</infinispan.version> <infinispan.version>14.0.26.Final</infinispan.version>
<!--JAKARTA--> <!--JAKARTA-->
<jakarta.mail.version>2.1.1</jakarta.mail.version> <jakarta.mail.version>2.1.1</jakarta.mail.version>

6
quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/legacy/infinispan/CacheManagerFactory.java
View file

@ -244,11 +244,7 @@ public class CacheManagerFactory {
.saslMechanism(SCRAM_SHA_512) .saslMechanism(SCRAM_SHA_512)
.addServer() .addServer()
.host(cacheRemoteHost) .host(cacheRemoteHost)
.port(cacheRemotePort) .port(cacheRemotePort);
// This is a workaround for the following issue https://github.com/keycloak/keycloak/issues/27117 and should be removed when the issue is fixed
.async().enable().modificationQueueSize(1024)
// end of workaround
;
}); });
} }
} }