mod-scheduler - Upgrade to Keycloak 26.x
Description
Environment
None
Potential Workaround
None
has to be done before
is cloned by
relates to
Checklist
hideActivity
Show:
Natalia Zaitseva January 2, 2025 at 11:59 AM
Done
Details
Details
Assignee
Pavel Filippov
Pavel FilippovReporter
Craig McNally
Craig McNallyPriority
P2Story Points
0
Sprint
None
Development Team
Eureka
Fix versions
Release
Ramsons (R2 2024) Service Patch #1
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created January 2, 2025 at 11:59 AM
Updated February 20, 2025 at 2:14 PM
Resolved February 4, 2025 at 5:38 PM
TestRail: Cases
TestRail: Runs
Overview
Upgrade to Keycloak v26.0.X.
See:
https://www.keycloak.org/2024/10/keycloak-2600-released and https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes
https://www.keycloak.org/2024/10/keycloak-2601-released
https://www.keycloak.org/2024/10/keycloak-2602-released
(There was no 26.0.3)
https://www.keycloak.org/2024/10/keycloak-2604-released
https://www.keycloak.org/2024/11/keycloak-2605-released
https://www.keycloak.org/2024/11/keycloak-2606-released
https://www.keycloak.org/2024/12/keycloak-2607-released
From the Release notes:
Java 21 support Keycloak now supports OpenJDK 21, as we want to stick to the latest LTS OpenJDK versions. Java 17 support is deprecated OpenJDK 17 support is deprecated in Keycloak, and will be removed in a following release in favor of OpenJDK 21.Also:
BouncyCastle FIPS updated Our FIPS 140-2 integration is now tested and supported with version 2 of BouncyCastle FIPS libraries. This version is certified with Java 21. If you use FIPS 140-2 integration, it is recommended to upgrade BouncyCastle FIPS library to the versions mentioned in the latest documentation. The BouncyCastle FIPS version 2 is certified with FIPS 140-3. So Keycloak can be FIPS 140-3 compliant as long as it is used on the FIPS 140-3 compliant system. This might be the RHEL 9 based system, which itself is compliant with the FIPS 140-3. But note that RHEL 8 based system is only certified for the FIPS 140-2.Scope
Upgrade folio-keycloak base image
Work with devops / QA to ensure we haven’t introduced any regressions/problems.
Including with custom themes, and plugins/extensions (e.g. for automatic IdP link creation)
Upgrade keycloak client version where applicable? (e.g. mgr-*, sidecar, mod-*-keycloak, etc.)
Q: should we put this in scope of this task? Create one Jira to update the clients? Create distinct JIRAs for each affected component?
Acceptance Criteria
A new folio-keycloak image based on keycloak 26.x has been built and is available
QA has run at least smoke tests against an environment running the new image (e.g. etesting-snapshot).