parent
84e763b472
commit
c6f13363b9
8 changed files with 26 additions and 111 deletions
|
@ -345,53 +345,6 @@ The name of the script file. This property is *mandatory* and should map to a fi
|
|||
|
||||
Once you have a JAR file with a descriptor and the scripts you want to deploy, you just need to copy the JAR to the {project_name} `providers/` directory, then run `bin/kc.[sh|bat] build`.
|
||||
|
||||
===== Deploy the script engine on Java 15 and later
|
||||
|
||||
To run the scripts, JavaScript providers require that a JavaScript engine is available in your Java application. Java 14 and lower versions include the Nashorn JavaScript Engine. It is
|
||||
automatically available as part of the Java itself and JavaScript providers are able to use this script engine by default. However, for Java 15 or higher versions, the script engine is not part
|
||||
of the Java itself. It needs to be added to your server because {project_name} does not have any script engine by default. Java 15 and higher versions require an extra step when deploying script
|
||||
providers - adding the script engine of your choice to your distribution.
|
||||
|
||||
You can use any script engine. However, we only test with the Nashorn JavaScript Engine. The following steps assume that this engine is used:
|
||||
|
||||
Install the script engine by copying the nashorn script engine JAR and its dependencies directly to the `KEYCLOAK_HOME/providers` directory. In the `pom.xml` file
|
||||
of your script project, you can declare the dependency such as this in the `dependencies` section:
|
||||
|
||||
```xml
|
||||
<dependency>
|
||||
<groupId>org.openjdk.nashorn</groupId>
|
||||
<artifactId>nashorn-core</artifactId>
|
||||
<version>15.3</version>
|
||||
</dependency>
|
||||
```
|
||||
|
||||
and declare `maven-dependency-plugin` in the `plugins` section to copy the dependencies to the specified directory:
|
||||
|
||||
```xml
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-dependency-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-dependencies-quarkus</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>copy-dependencies</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${project.build.directory}/keycloak-server-copy/providers</outputDirectory>
|
||||
<includeArtifactIds>nashorn-core,asm,asm-util,asm-commons</includeArtifactIds>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
```
|
||||
Once the project is built, copy the script engine and its dependencies to the `KEYCLOAK_HOME/providers` directory.
|
||||
```bash
|
||||
cp target/keycloak-server-copy/providers/*.jar KEYCLOAK_HOME/providers/
|
||||
```
|
||||
After re-augment the distribution with `kc.sh build`, the script engine should be deployed and your script providers should work.
|
||||
|
||||
=== Available SPIs
|
||||
|
||||
If you want to see list of all available SPIs at runtime, you can check `Server Info` page in Admin Console as described in <<_providers_admin_console,Admin Console>> section.
|
||||
|
|
|
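Review bot: Dropping this whole section also drops the statement "You can use any script engine. However, we only test with the Nashorn JavaScript Engine", so the guide no longer says whether an alternative engine placed in `providers/` is still supported or how it interacts with the engine the server now ships. Consider keeping one sentence on that next to the `bin/kc.[sh|bat] build` step that remains.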
@ -0,0 +1,16 @@
|
|||
= Javascript engine available by default on the classpath
|
||||
|
||||
In the previous version, when Keycloak was used on Java 17 with Javascript providers (Script authenticator, Javascript authorization policy or Script protocol mappers for OIDC and SAML clients),
|
||||
it was needed to copy javascript engine to the distribution. This is no longer needed as Nashorn javascript engine is available in Keycloak server by default. When you deploy script providers,
|
||||
it is recommended to not copy the nashorn script engine and it's dependencies into the Keycloak distribution.
|
||||
|
||||
= Change of the default Client ID mapper of Service Account Client
|
||||
|
||||
Default `Client ID` mapper of `Service Account Client` has been changed. `Token Claim Name` field value has been changed from `clientId` to `client_id`.
|
||||
`client_id` claim is compliant with OAuth2 specifications:
|
||||
|
||||
- https://datatracker.ietf.org/doc/html/rfc9068#section-2.2[JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens]
|
||||
- https://www.rfc-editor.org/rfc/rfc7662#section-2.2[OAuth 2.0 Token Introspection]
|
||||
- https://datatracker.ietf.org/doc/html/rfc8693#section-4.3[OAuth 2.0 Token Exchange]
|
||||
|
||||
`clientId` userSession note still exists.
|
|
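Review bot: The new note only recommends not copying the engine; it does not tell installations that already followed the old instructions to delete `nashorn-core`, `asm`, `asm-util` and `asm-commons` from `KEYCLOAK_HOME/providers`, where a leftover 15.3 JAR would sit beside the 15.4 one this patch bundles. Add an explicit removal step followed by `kc.sh build`. Also, the text says "Java 17" while the removed guide applied to "Java 15 and later", and "it's dependencies" should read "its dependencies".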
@ -1,14 +1,3 @@
|
|||
= Change of the default Client ID mapper of Service Account Client
|
||||
|
||||
Default `Client ID` mapper of `Service Account Client` has been changed. `Token Claim Name` field value has been changed from `clientId` to `client_id`.
|
||||
`client_id` claim is compliant with OAuth2 specifications:
|
||||
|
||||
- https://datatracker.ietf.org/doc/html/rfc9068#section-2.2[JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens]
|
||||
- https://www.rfc-editor.org/rfc/rfc7662#section-2.2[OAuth 2.0 Token Introspection]
|
||||
- https://datatracker.ietf.org/doc/html/rfc8693#section-4.3[OAuth 2.0 Token Exchange]
|
||||
|
||||
`clientId` userSession note still exists.
|
||||
|
||||
= Legacy Promise API removed from Keycloak JS adapter
|
||||
|
||||
The legacy Promise API methods have been removed from the Keycloak JS adapter. This means that calling `.success()` and `.error()` on promises returned from the adapter is no longer possible. Instead standardized Promise methods such as https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/then[`.then()`] and https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/catch[`.catch()`] should be used.
|
||||
|
|
|
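Review bot: Moving the `Client ID` mapper note out of this file is unrelated to the script engine change and is easy to miss in review; it would be clearer as its own commit. Since the rename of the claim from `clientId` to `client_id` affects anything that reads the old claim name from a token, please confirm that the release the note now sits under is the one the mapper change actually ships in.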
@ -4,6 +4,10 @@
|
|||
|
||||
include::changes-22_0_0.adoc[leveloffset=3]
|
||||
|
||||
=== Migrating to 21.1.0
|
||||
|
||||
include::changes-21_1_0.adoc[leveloffset=3]
|
||||
|
||||
=== Migrating to 21.0.2
|
||||
|
||||
include::changes-21_0_2.adoc[leveloffset=3]
|
||||
|
|
2
pom.xml
|
@ -111,7 +111,7 @@
|
|||
<woodstox.version>6.0.3</woodstox.version>
|
||||
<xmlsec.version>2.2.3</xmlsec.version>
|
||||
<wildfly.common.version>1.6.0.Final</wildfly.common.version>
|
||||
<nashorn.version>15.3</nashorn.version>
|
||||
<nashorn.version>15.4</nashorn.version>
|
||||
<ua-parser.version>1.5.4</ua-parser.version>
|
||||
<picketbox.version>5.0.3.Final</picketbox.version>
|
||||
<google.guava.version>30.1-jre</google.guava.version>
|
||||
|
|
|
@ -641,6 +641,11 @@
|
|||
<groupId>org.jboss.spec.javax.xml.bind</groupId>
|
||||
<artifactId>jboss-jaxb-api_2.3_spec</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.openjdk.nashorn</groupId>
|
||||
<artifactId>nashorn-core</artifactId>
|
||||
<version>${nashorn.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.sun.xml.messaging.saaj</groupId>
|
||||
<artifactId>saaj-impl</artifactId>
|
||||
|
|
|
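Review bot: Only `nashorn-core` is declared here, while the copy configuration removed elsewhere in this patch listed `nashorn-core,asm,asm-util,asm-commons`. Please confirm that the three `asm` artifacts arrive transitively and end up in the server distribution; if they do not, the engine will be on the classpath but may fail when a script provider is first loaded.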
@ -264,43 +264,6 @@
|
|||
</properties>
|
||||
</profile>
|
||||
|
||||
<!-- Nashorn script engine needs to be manually added for the new Java versions as it is not part of the JDK anymore -->
|
||||
<profile>
|
||||
<id>jdk15</id>
|
||||
<activation>
|
||||
<jdk>[15,)</jdk>
|
||||
</activation>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.openjdk.nashorn</groupId>
|
||||
<artifactId>nashorn-core</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-dependency-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-dependencies-quarkus</id>
|
||||
<phase>generate-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-dependencies</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${auth.server.home}/providers</outputDirectory>
|
||||
<includeArtifactIds>nashorn-core,asm,asm-util,asm-commons</includeArtifactIds>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>auth-server-fips140-2</id>
|
||||
<properties>
|
||||
|
|
|
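Review bot: Removing the `<jdk>[15,)</jdk>` activation means test runs on a JDK older than 15 now see two Nashorn engines, the JDK's own and the standalone one the server bundles, where before they saw only the JDK's. It is worth stating in the commit message which engine script providers resolve in that case, and checking that the script tests still pass on a pre-15 JDK if one is still part of the build matrix.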
@ -276,21 +276,6 @@
|
|||
|
||||
<profiles>
|
||||
|
||||
<!-- Nashorn script engine needs to be manually added for the new Java versions as it is not part of the JDK anymore -->
|
||||
<profile>
|
||||
<id>jdk15</id>
|
||||
<activation>
|
||||
<jdk>[15,)</jdk>
|
||||
</activation>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.openjdk.nashorn</groupId>
|
||||
<artifactId>nashorn-core</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>keycloak-server</id>
|
||||
<build>
|
||||
|
|
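Review bot: With the `jdk15` profile gone, this module no longer declares `nashorn-core` at all, so any test code that evaluates scripts in the test JVM rather than in the server depends on the artifact arriving transitively. If nothing here needs it, the removal is fine; if something does, declare the dependency unconditionally in the module's `dependencies` instead of dropping it.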