diff --git a/README.md b/README.md
index 39aa88ea..71225e1a 100644
--- a/README.md
+++ b/README.md
@@ -451,9 +451,9 @@ Running unit tests from Maven requires configuring the details of a running Keyc
| `KEYCLOAK_URL` | Keycloak server URL.
Default value: `http://localhost:8080/auth` |
| `KEYCLOAK_ADMIN_USER` | The admin user of the Keycloak server.
Default value: `keycloak` |
| `KEYCLOAK_ADMIN_PASSWORD` | The admin password of the Keycloak server.
Default value: `keycloak1!` |
- | `KEYCLOAK_ENFORCE_SUBGROUPS_IN_GROUP_QUERY` | Wether to enforce subgroup results in group queries when testing with Keycloak >= `23.0.0`
Default value: `true` |
+| `KEYCLOAK_ENFORCE_SUBGROUPS_IN_GROUP_QUERY` | Wether to enforce subgroup results in group queries when testing with Keycloak >= `23.0.0`
Default value: `true` |
In case you choose Keycloak in the new Quarkus distribution, please be aware that `/auth` has been removed from the default context path.
-Hence, it is required to change the `KEYCLOAK_URL` for the tests. Tests also run successfully against the Quarkus
+Hence, it is required to change the `KEYCLOAK_URL` for the tests. Tests run successfully against the Quarkus
distribution, in case you start Keycloak in Development mode.
------------------------------------------------------------
diff --git a/examples/sso-kubernetes/k8s/deployment.yaml b/examples/sso-kubernetes/k8s/deployment.yaml
index b21d4631..9f1e47ff 100644
--- a/examples/sso-kubernetes/k8s/deployment.yaml
+++ b/examples/sso-kubernetes/k8s/deployment.yaml
@@ -20,7 +20,7 @@ spec:
spec:
containers:
- name: keycloak-showcase
- image: gunnaraccso/camunda-showcase-keycloak:7.21.0
+ image: gunnaraccso/camunda-showcase-keycloak:7.21.1
ports:
- containerPort: 8080
env:
@@ -39,7 +39,7 @@ spec:
- name: KEYCLOAK_CLIENT_ID
value: camunda-identity-service
- name: KEYCLOAK_CLIENT_SECRET
- value: GBLb9KSRxmmo81SIGH2BWu3GEtrofvWo
+ value: 0F0yFyCvv2T901fvMSbKlAd7f8QkyxNg
livenessProbe:
httpGet:
path: /camunda/actuator/health/liveness
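Review bot: The new `KEYCLOAK_CLIENT_SECRET` value is still a plaintext literal in the Deployment manifest, so this rotation only adds the replacement secret to the repository history as well. Replace the `value:` line with a `valueFrom:` / `secretKeyRef:` reference to a Kubernetes Secret created outside version control (`name: <secret-name>` and `key: <key-name>` are placeholders). The same literal is also committed as the fallback in `client.secret: ${KEYCLOAK_CLIENT_SECRET:...}` in `application.yaml`. Dropping that default makes a missing secret fail at startup instead of silently using a published value. The container spec continues outside this hunk.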
diff --git a/examples/sso-kubernetes/k8s/keycloak/deployment.yaml b/examples/sso-kubernetes/k8s/keycloak/deployment.yaml
index 8ea59d04..b8f2bce8 100644
--- a/examples/sso-kubernetes/k8s/keycloak/deployment.yaml
+++ b/examples/sso-kubernetes/k8s/keycloak/deployment.yaml
@@ -20,7 +20,7 @@ spec:
spec:
containers:
- name: keycloak-server
- image: gunnaraccso/keycloak.server:21.1.1 # quay.io/keycloak/keycloak
+ image: gunnaraccso/keycloak.server:24.0.3 # quay.io/keycloak/keycloak
ports:
- containerPort: 8080
name: http
diff --git a/examples/sso-kubernetes/k8s/localhost/endpoint.yaml b/examples/sso-kubernetes/k8s/localhost/endpoint.yaml
index 90de6817..ebb7a475 100644
--- a/examples/sso-kubernetes/k8s/localhost/endpoint.yaml
+++ b/examples/sso-kubernetes/k8s/localhost/endpoint.yaml
@@ -11,4 +11,4 @@ ports:
port: 80
endpoints:
- addresses:
- - "172.28.160.1"
\ No newline at end of file
+ - "172.30.240.1"
\ No newline at end of file
diff --git a/examples/sso-kubernetes/k8s/postgresql/deployment.yaml b/examples/sso-kubernetes/k8s/postgresql/deployment.yaml
index 9e4d21a2..976de3f2 100644
--- a/examples/sso-kubernetes/k8s/postgresql/deployment.yaml
+++ b/examples/sso-kubernetes/k8s/postgresql/deployment.yaml
@@ -15,7 +15,7 @@ spec:
spec:
containers:
- name: postgres
- image: postgres:11.4-alpine
+ image: postgres:16.2-alpine
ports:
- containerPort: 5432
env:
diff --git a/examples/sso-kubernetes/src/main/java/org/camunda/bpm/extension/keycloak/showcase/sso/WebAppSecurityConfig.java b/examples/sso-kubernetes/src/main/java/org/camunda/bpm/extension/keycloak/showcase/sso/WebAppSecurityConfig.java
index 1b273bdc..ee2a47a4 100644
--- a/examples/sso-kubernetes/src/main/java/org/camunda/bpm/extension/keycloak/showcase/sso/WebAppSecurityConfig.java
+++ b/examples/sso-kubernetes/src/main/java/org/camunda/bpm/extension/keycloak/showcase/sso/WebAppSecurityConfig.java
@@ -11,6 +11,8 @@
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.web.context.request.RequestContextListener;
import org.springframework.web.filter.ForwardedHeaderFilter;
@@ -80,5 +82,13 @@ public FilterRegistrationBean forwardedHeaderFilter() {
public RequestContextListener requestContextListener() {
return new RequestContextListener();
}
-
+
+ // Modify firewall in order to allow request details for child groups
+ @Bean
+ public HttpFirewall getHttpFirewall() {
+ StrictHttpFirewall strictHttpFirewall = new StrictHttpFirewall();
+ strictHttpFirewall.setAllowUrlEncodedPercent(true);
+ strictHttpFirewall.setAllowUrlEncodedSlash(true);
+ return strictHttpFirewall;
+ }
}
\ No newline at end of file
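Review bot: `setAllowUrlEncodedPercent(true)` and `setAllowUrlEncodedSlash(true)` in `getHttpFirewall()` relax `StrictHttpFirewall` for every request the application serves, not only the group-detail URLs the comment mentions. Spring Security rejects `%2F` and `%25` by default because a proxy, the security matchers and the servlet container can each interpret an encoded slash or a double-encoded character differently. The comment should record why both are needed and what to verify, e.g. `// Group IDs are Keycloak group paths (useGroupPathAsCamundaGroupId), so webapp URLs contain %2F / %25; relaxed globally - ensure the ingress/proxy does not decode these before forwarding`. If child groups only need one of the two flags, drop the other. The enclosing class starts outside this hunk.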
diff --git a/examples/sso-kubernetes/src/main/resources/application.yaml b/examples/sso-kubernetes/src/main/resources/application.yaml
index 8b2347e7..29dc34c2 100644
--- a/examples/sso-kubernetes/src/main/resources/application.yaml
+++ b/examples/sso-kubernetes/src/main/resources/application.yaml
@@ -38,7 +38,7 @@ keycloak:
# Keycloak Camunda Identity Client
client.id: ${KEYCLOAK_CLIENT_ID:camunda-identity-service}
- client.secret: ${KEYCLOAK_CLIENT_SECRET:GBLb9KSRxmmo81SIGH2BWu3GEtrofvWo}
+ client.secret: ${KEYCLOAK_CLIENT_SECRET:0F0yFyCvv2T901fvMSbKlAd7f8QkyxNg}
# Spring Boot Security OAuth2 SSO
spring.security:
@@ -82,5 +82,6 @@ plugin.identity.keycloak:
useEmailAsCamundaUserId: false
useUsernameAsCamundaUserId: true
useGroupPathAsCamundaGroupId: true
+ enforceSubgroupsInGroupQuery: true
administratorGroupName: camunda-admin
disableSSLCertificateValidation: true
\ No newline at end of file
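Review bot: The `plugin.identity.keycloak` block that gains `enforceSubgroupsInGroupQuery: true` still ends with `disableSSLCertificateValidation: true`, so the plugin's connections to Keycloak, which presumably carry the client secret, would accept any certificate. This may be intentional for a showcase, but it is easy to copy into a real deployment. Consider defaulting it to off with an override such as `disableSSLCertificateValidation: ${KEYCLOAK_DISABLE_SSL_VALIDATION:false}` (the variable name is a placeholder), or at least add `# local testing only - leaves Keycloak connections open to interception`. The block starts outside this hunk.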