From ccf060ad5cbeb999b19c82648e65257ba72c1a85 Mon Sep 17 00:00:00 2001
From: Leonidas Spyropoulos <artafinde@gmail.com>
Date: Mon, 24 May 2021 16:35:33 +0100
Subject: [PATCH] keycloak: Update standalone.xml config

Update standalone.xml configuration based on documentation https://www.keycloak.org/docs/latest/upgrading/#_install_new_version
Closes: #347
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
---
 roles/keycloak/templates/standalone.xml.j2 | 398 +++++++++++----------
 1 file changed, 208 insertions(+), 190 deletions(-)

diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2
index 5934fa313..f00586b3d 100644
--- a/roles/keycloak/templates/standalone.xml.j2
+++ b/roles/keycloak/templates/standalone.xml.j2
@@ -1,5 +1,6 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<server xmlns="urn:jboss:domain:10.0">
+<?xml version='1.0' encoding='UTF-8'?>
+
+<server xmlns="urn:jboss:domain:16.0">
 <extensions>
 <extension module="org.jboss.as.clustering.infinispan"/>
 <extension module="org.jboss.as.connector"/>
@@ -20,10 +21,9 @@
 <extension module="org.wildfly.extension.bean-validation"/>
 <extension module="org.wildfly.extension.core-management"/>
 <extension module="org.wildfly.extension.elytron"/>
+<extension module="org.wildfly.extension.health"/>
 <extension module="org.wildfly.extension.io"/>
-<extension module="org.wildfly.extension.microprofile.config-smallrye"/>
-<extension module="org.wildfly.extension.microprofile.health-smallrye"/>
-<extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
+<extension module="org.wildfly.extension.metrics"/>
 <extension module="org.wildfly.extension.request-controller"/>
 <extension module="org.wildfly.extension.security.manager"/>
 <extension module="org.wildfly.extension.undertow"/>
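Review bot: The rewritten XML declaration `<?xml version='1.0' encoding='UTF-8'?>` switches to single quotes while every other attribute in the file keeps double quotes; the previous form `<?xml version="1.0" encoding="UTF-8"?>` was consistent with the rest of the document and is the one to keep. The blank line inserted between the declaration and `<server>` is harmless, but it is also a deviation from the old file for no functional reason, so consider dropping it too.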
@@ -127,7 +127,7 @@
 </subsystem>
 <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
 <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-<subsystem xmlns="urn:jboss:domain:datasources:5.0">
+<subsystem xmlns="urn:jboss:domain:datasources:6.0">
 <datasources>
 <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
 <connection-url>jdbc:postgresql://localhost:5432/keycloak</connection-url>
@@ -150,7 +150,7 @@
 <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
 <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
 </subsystem>
-<subsystem xmlns="urn:jboss:domain:ee:4.0">
+<subsystem xmlns="urn:jboss:domain:ee:6.0">
 <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
 <concurrent>
 <context-services>
@@ -160,15 +160,15 @@
 <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
 </managed-thread-factories>
 <managed-executor-services>
-<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
+<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
 </managed-executor-services>
 <managed-scheduled-executor-services>
-<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
+<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
 </managed-scheduled-executor-services>
 </concurrent>
 <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/KeycloakDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
 </subsystem>
-<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
+<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
 <session-bean>
 <stateless>
 <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
@@ -195,7 +195,7 @@
 <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
 </data-stores>
 </timer-service>
-<remote connector-ref="http-remoting-connector" thread-pool-name="default">
+<remote connectors="http-remoting-connector" thread-pool-name="default">
 <channel-creation-options>
 <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
 </channel-creation-options>
@@ -211,121 +211,7 @@
 <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
 <log-system-exceptions value="true"/>
 </subsystem>
-<subsystem xmlns="urn:jboss:domain:io:3.0">
-<worker name="default"/>
-<buffer-pool name="default"/>
-</subsystem>
-<subsystem xmlns="urn:jboss:domain:infinispan:9.0">
-<cache-container name="keycloak">
-<local-cache name="realms">
-<object-memory size="10000"/>
-</local-cache>
-<local-cache name="users">
-<object-memory size="10000"/>
-</local-cache>
-<local-cache name="sessions"/>
-<local-cache name="authenticationSessions"/>
-<local-cache name="offlineSessions"/>
-<local-cache name="clientSessions"/>
-<local-cache name="offlineClientSessions"/>
-<local-cache name="loginFailures"/>
-<local-cache name="work"/>
-<local-cache name="authorization">
-<object-memory size="10000"/>
-</local-cache>
-<local-cache name="keys">
-<object-memory size="1000"/>
-<expiration max-idle="3600000"/>
-</local-cache>
-<local-cache name="actionTokens">
-<object-memory size="-1"/>
-<expiration max-idle="-1" interval="300000"/>
-</local-cache>
-</cache-container>
-<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
-<local-cache name="default">
-<transaction mode="BATCH"/>
-</local-cache>
-</cache-container>
-<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
-<local-cache name="passivation">
-<locking isolation="REPEATABLE_READ"/>
-<transaction mode="BATCH"/>
-<file-store passivation="true" purge="false"/>
-</local-cache>
-<local-cache name="sso">
-<locking isolation="REPEATABLE_READ"/>
-<transaction mode="BATCH"/>
-</local-cache>
-<local-cache name="routing"/>
-</cache-container>
-<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
-<local-cache name="passivation">
-<locking isolation="REPEATABLE_READ"/>
-<transaction mode="BATCH"/>
-<file-store passivation="true" purge="false"/>
-</local-cache>
-</cache-container>
-<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
-<local-cache name="entity">
-<object-memory size="10000"/>
-<expiration max-idle="100000"/>
-</local-cache>
-<local-cache name="local-query">
-<object-memory size="10000"/>
-<expiration max-idle="100000"/>
-</local-cache>
-<local-cache name="timestamps"/>
-</cache-container>
-</subsystem>
-<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
-<subsystem xmlns="urn:jboss:domain:jca:5.0">
-<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
-<bean-validation enabled="true"/>
-<default-workmanager>
-<short-running-threads>
-<core-threads count="50"/>
-<queue-length count="50"/>
-<max-threads count="50"/>
-<keepalive-time time="10" unit="seconds"/>
-</short-running-threads>
-<long-running-threads>
-<core-threads count="50"/>
-<queue-length count="50"/>
-<max-threads count="50"/>
-<keepalive-time time="10" unit="seconds"/>
-</long-running-threads>
-</default-workmanager>
-<cached-connection-manager/>
-</subsystem>
-<subsystem xmlns="urn:jboss:domain:jmx:1.3">
-<expose-resolved-model/>
-<expose-expression-model/>
-<remoting-connector/>
-</subsystem>
-<subsystem xmlns="urn:jboss:domain:jpa:1.1">
-<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
-</subsystem>
-<subsystem xmlns="urn:jboss:domain:mail:3.0">
-<mail-session name="default" jndi-name="java:jboss/mail/Default">
-<smtp-server outbound-socket-binding-ref="mail-smtp"/>
-</mail-session>
-</subsystem>
-<subsystem xmlns="urn:jboss:domain:naming:2.0">
-<remote-naming/>
-</subsystem>
-<subsystem xmlns="urn:jboss:domain:remoting:4.0">
-<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
-</subsystem>
-<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
-<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
-<deployment-permissions>
-<maximum-set>
-<permission class="java.security.AllPermission"/>
-</maximum-set>
-</deployment-permissions>
-</subsystem>
-<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
+<subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
 <providers>
 <aggregate-providers name="combined-providers">
 <providers name="elytron"/>
@@ -424,75 +310,126 @@
 </mechanism-provider-filtering-sasl-server-factory>
 <provider-sasl-server-factory name="global"/>
 </sasl>
+<tls>
+<key-stores>
+<key-store name="applicationKS">
+<credential-reference clear-text="password"/>
+<implementation type="JKS"/>
+<file path="application.keystore" relative-to="jboss.server.config.dir"/>
+</key-store>
+</key-stores>
+<key-managers>
+<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
+<credential-reference clear-text="password"/>
+</key-manager>
+</key-managers>
+<server-ssl-contexts>
+<server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
+</server-ssl-contexts>
+</tls>
 </subsystem>
-<subsystem xmlns="urn:jboss:domain:security:2.0">
-<security-domains>
-<security-domain name="other" cache-type="default">
-<authentication>
-<login-module code="Remoting" flag="optional">
-<module-option name="password-stacking" value="useFirstPass"/>
-</login-module>
-<login-module code="RealmDirect" flag="required">
-<module-option name="password-stacking" value="useFirstPass"/>
-</login-module>
-</authentication>
-</security-domain>
-<security-domain name="jboss-web-policy" cache-type="default">
-<authorization>
-<policy-module code="Delegating" flag="required"/>
-</authorization>
-</security-domain>
-<security-domain name="jaspitest" cache-type="default">
-<authentication-jaspi>
-<login-module-stack name="dummy">
-<login-module code="Dummy" flag="optional"/>
-</login-module-stack>
-<auth-module code="Dummy"/>
-</authentication-jaspi>
-</security-domain>
-<security-domain name="jboss-ejb-policy" cache-type="default">
-<authorization>
-<policy-module code="Delegating" flag="required"/>
-</authorization>
-</security-domain>
-</security-domains>
+<subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
+<subsystem xmlns="urn:jboss:domain:infinispan:12.0">
+<cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
+<local-cache name="realms">
+<heap-memory size="10000"/>
+</local-cache>
+<local-cache name="users">
+<heap-memory size="10000"/>
+</local-cache>
+<local-cache name="sessions"/>
+<local-cache name="authenticationSessions"/>
+<local-cache name="offlineSessions"/>
+<local-cache name="clientSessions"/>
+<local-cache name="offlineClientSessions"/>
+<local-cache name="loginFailures"/>
+<local-cache name="work"/>
+<local-cache name="authorization">
+<heap-memory size="10000"/>
+</local-cache>
+<local-cache name="keys">
+<heap-memory size="1000"/>
+<expiration max-idle="3600000"/>
+</local-cache>
+<local-cache name="actionTokens">
+<heap-memory size="-1"/>
+<expiration interval="300000" max-idle="-1"/>
+</local-cache>
+</cache-container>
+<cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
+<local-cache name="default">
+<transaction mode="BATCH"/>
+</local-cache>
+</cache-container>
+<cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
+<local-cache name="passivation">
+<locking isolation="REPEATABLE_READ"/>
+<transaction mode="BATCH"/>
+<file-store passivation="true" purge="false"/>
+</local-cache>
+<local-cache name="sso">
+<locking isolation="REPEATABLE_READ"/>
+<transaction mode="BATCH"/>
+</local-cache>
+<local-cache name="routing"/>
+</cache-container>
+<cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
+<local-cache name="passivation">
+<locking isolation="REPEATABLE_READ"/>
+<transaction mode="BATCH"/>
+<file-store passivation="true" purge="false"/>
+</local-cache>
+</cache-container>
+<cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
+<local-cache name="entity">
+<heap-memory size="10000"/>
+<expiration max-idle="100000"/>
+</local-cache>
+<local-cache name="local-query">
+<heap-memory size="10000"/>
+<expiration max-idle="100000"/>
+</local-cache>
+<local-cache name="timestamps"/>
+</cache-container>
 </subsystem>
-<subsystem xmlns="urn:jboss:domain:transactions:5.0">
-<core-environment node-identifier="${jboss.tx.node.id:1}">
-<process-id>
-<uuid/>
-</process-id>
-</core-environment>
-<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
-<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
+<subsystem xmlns="urn:jboss:domain:io:3.0">
+<worker name="default"/>
+<buffer-pool name="default"/>
 </subsystem>
-<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
-<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
-<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
-<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
-<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
-<buffer-cache name="default"/>
-<server name="default-server">
-<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" proxy-address-forwarding="true"/>
-<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" proxy-address-forwarding="true"/>
-<host name="default-host" alias="localhost">
-<location name="/" handler="welcome-content"/>
-<http-invoker security-realm="ApplicationRealm"/>
-</host>
-</server>
-<servlet-container name="default">
-<jsp-config/>
-<websockets/>
-</servlet-container>
-<handlers>
-<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
-</handlers>
+<subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
+<subsystem xmlns="urn:jboss:domain:jca:5.0">
+<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+<bean-validation enabled="true"/>
+<default-workmanager>
+<short-running-threads>
+<core-threads count="50"/>
+<queue-length count="50"/>
+<max-threads count="50"/>
+<keepalive-time time="10" unit="seconds"/>
+</short-running-threads>
+<long-running-threads>
+<core-threads count="50"/>
+<queue-length count="50"/>
+<max-threads count="50"/>
+<keepalive-time time="10" unit="seconds"/>
+</long-running-threads>
+</default-workmanager>
+<cached-connection-manager/>
+</subsystem>
+<subsystem xmlns="urn:jboss:domain:jmx:1.3">
+<expose-resolved-model/>
+<expose-expression-model/>
+<remoting-connector/>
+</subsystem>
+<subsystem xmlns="urn:jboss:domain:jpa:1.1">
+<jpa default-extended-persistence-inheritance="DEEP"/>
 </subsystem>
 <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
 <web-context>auth</web-context>
 <providers>
-<provider>classpath:${jboss.home.dir}/providers/*</provider>
+<provider>
+classpath:${jboss.home.dir}/providers/*
+</provider>
 </providers>
 <master-realm-name>master</master-realm-name>
 <scheduled-task-interval>900</scheduled-task-interval>
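Review bot: The new `<tls>` block hard-codes the `applicationKS` keystore secret as `<credential-reference clear-text="password"/>` (on both the key-store and the `applicationKM` key-manager) in a template that Ansible renders onto the host, and `generate-self-signed-certificate-host="localhost"` will create a self-signed certificate on first use. As far as the visible hunks show nothing references `applicationSSC`: the `https-listener`, `http-invoker` and remoting `http-connector` added in the next hunk still use `security-realm="ApplicationRealm"`, so this looks like default configuration carried over from the upstream file rather than something the role relies on. Either drop the `<tls>` block, or, if it is meant to terminate TLS, wire it in with `ssl-context="applicationSSC"` on the https-listener and template the secret from a vaulted role variable such as `clear-text="{{ keycloak_keystore_password }}"` (placeholder name) instead of a literal. The enclosing elytron `<subsystem>` opens in the previous hunk.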
@@ -571,6 +508,87 @@
 <provider name="metrics-listener" enabled="true"/>
 </spi>
 </subsystem>
+<subsystem xmlns="urn:jboss:domain:mail:4.0">
+<mail-session name="default" jndi-name="java:jboss/mail/Default">
+<smtp-server outbound-socket-binding-ref="mail-smtp"/>
+</mail-session>
+</subsystem>
+<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
+<subsystem xmlns="urn:jboss:domain:naming:2.0">
+<remote-naming/>
+</subsystem>
+<subsystem xmlns="urn:jboss:domain:remoting:4.0">
+<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
+</subsystem>
+<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
+<subsystem xmlns="urn:jboss:domain:security:2.0">
+<security-domains>
+<security-domain name="other" cache-type="default">
+<authentication>
+<login-module code="Remoting" flag="optional">
+<module-option name="password-stacking" value="useFirstPass"/>
+</login-module>
+<login-module code="RealmDirect" flag="required">
+<module-option name="password-stacking" value="useFirstPass"/>
+</login-module>
+</authentication>
+</security-domain>
+<security-domain name="jboss-web-policy" cache-type="default">
+<authorization>
+<policy-module code="Delegating" flag="required"/>
+</authorization>
+</security-domain>
+<security-domain name="jaspitest" cache-type="default">
+<authentication-jaspi>
+<login-module-stack name="dummy">
+<login-module code="Dummy" flag="optional"/>
+</login-module-stack>
+<auth-module code="Dummy"/>
+</authentication-jaspi>
+</security-domain>
+<security-domain name="jboss-ejb-policy" cache-type="default">
+<authorization>
+<policy-module code="Delegating" flag="required"/>
+</authorization>
+</security-domain>
+</security-domains>
+</subsystem>
+<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
+<deployment-permissions>
+<maximum-set>
+<permission class="java.security.AllPermission"/>
+</maximum-set>
+</deployment-permissions>
+</subsystem>
+<subsystem xmlns="urn:jboss:domain:transactions:6.0">
+<core-environment node-identifier="${jboss.tx.node.id:1}">
+<process-id>
+<uuid/>
+</process-id>
+</core-environment>
+<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
+<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
+<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
+</subsystem>
+<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
+<buffer-cache name="default"/>
+<server name="default-server">
+<http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="true" enable-http2="true"/>
+<https-listener name="https" socket-binding="https" proxy-address-forwarding="true" security-realm="ApplicationRealm" enable-http2="true"/>
+<host name="default-host" alias="localhost">
+<location name="/" handler="welcome-content"/>
+<http-invoker security-realm="ApplicationRealm"/>
+</host>
+</server>
+<servlet-container name="default">
+<jsp-config/>
+<websockets/>
+</servlet-container>
+<handlers>
+<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
+</handlers>
+</subsystem>
+<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
 </profile>
 <interfaces>
 <interface name="management">
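Review bot: `<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" .../>` publishes metrics for every subsystem without authentication, and the `urn:wildfly:health:1.0` subsystem added in the previous hunk carries the same `security-enabled="false"`. In WildFly both endpoints are served from the HTTP management interface, whose binding is outside this diff; if that interface is not restricted to loopback or the monitoring host, these should become `security-enabled="true"` or the exposed set should be narrowed. A short template comment recording the assumption would make the trade-off visible, e.g. `<!-- health/metrics are unauthenticated: management interface must remain loopback-only -->`. Separately, the restored `security:2.0` subsystem brings back the `jaspitest` domain with `Dummy` login modules, which is upstream test scaffolding and can be dropped if nothing deploys JASPI here.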
@@ -589,7 +607,7 @@
 <socket-binding name="txn-recovery-environment" port="4712"/>
 <socket-binding name="txn-status-manager" port="4713"/>
 <outbound-socket-binding name="mail-smtp">
-<remote-destination host="localhost" port="25"/>
+<remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
 </outbound-socket-binding>
 </socket-binding-group>
-</server>
+</server>
\ No newline at end of file
-- GitLab
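Review bot: The only change to the final `</server>` line is that it loses its trailing newline (`\ No newline at end of file`), which will make every future diff of this template end with the same noise; restore the newline so the file ends as it did before. The new `${jboss.mail.server.host:localhost}` / `${jboss.mail.server.port:25}` expressions are sound, though in a Jinja2 template a role variable is the more usual override point than a JVM system property, so a one-line comment stating which mechanism the role expects would help the next maintainer.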