I’m attempting to run C8 identity in K8s independently in its own helm release as I do not want to create a fresh keycloak service instance - but rather use the existing keycloak instance shared amongst the rest of our organisation.
By providing the KEYCLOAK_SETUP_USER, KEYCLOAK_SETUP_PASSWORD and KEYCLOAK_SETUP_CLIENT_ID environment variables, the identity service is able to log in successfully to keycloak with existing admin credentials. However, the setup is not successful - identity logs indicate the following:
ERROR 1 --- [ main] i.c.i.i.k.config.KeycloakConfiguration :
javax.ws.rs.ProcessingException:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "readOnly" (class org.keycloak.representations.idm.ConfigPropertyRepresentation),
not marked as ignorable (7 known properties: "defaultValue", "label", "type", "name", "helpText", "secret", "options"])
at [Source: (org.jboss.resteasy.specimpl.AbstractBuiltResponse$InputStreamWrapper); line: 1, column:
24778] (through reference chain:
org.keycloak.representations.info.ServerInfoRepresentation["protocolMapperTypes"]
->java.util.LinkedHashMap["saml"]
->java.util.ArrayList[0]
->org.keycloak.representations.idm.ProtocolMapperTypeRepresentation["properties"]
->java.util.ArrayList[0]
->org.keycloak.representations.idm.ConfigPropertyRepresentation["readOnly"])
This error message has been observed in the keycloak-config-cli project, potentially indicating a version incompatibility with this utility (assuming it's used by the identity service) and keycloak versions >18. It should be noted that my organisation’s keycloak instance is v19.
Does that mean C8 identity only supports running keycloak versions below 18, regardless of whether we deploy keycloak alongside C8 or independently? If so, will keycloak 19 be supported? It would be great to see C8 identity work against our existing keycloak solution.
Follow up question:
I’ve noticed that providing KEYCLOAK_SETUP_USER, KEYCLOAK_SETUP_PASSWORD and KEYCLOAK_SETUP_CLIENT_ID works only if the existing client has authentication disabled (i.e. no client secret is needed). Is there a plan to support authentication-enabled clients (e.g. something like KEYCLOAK_SETUP_CLIENT_SECRET)?