Updating Keycloak¶
Requirements¶
- internet access for downloading the zip file from the SEAL Systems delivery platform
Hint - configuration
The configuration in Keycloak is not overwritten by the update.
Instructions¶
Download and install the latest version as described in Installing Keycloak.
Changes¶
The client configuration has been changed. The previous configuration has been enhanced by two new clients for easyPRIMA and PLOSSYS CLI.
Both clients are preconfigered identically:
-
Password Flow ist activated.
-
Code Flow has been set, too, in order to prevent a later reconfiguration.
-
The
client-secretis active.
You can get a token by making test calls like the following.
-
easyPrima:
curl -d "client_id=seal-easyprima" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "http://%HOSTNAME%:32768/auth/realms/SEAL/protocol/openid-connect/token" -v -
SEAL OP-CLI:
curl -d "client_id=seal-opcli" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "http://%HOSTNAME%:32768/auth/realms/SEAL/protocol/openid-connect/token" -v -
Plossyscli:
curl -d "client_id=seal-plossyscli" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "http://%HOSTNAME%:32768/auth/realms/SEAL/protocol/openid-connect/token" -v
Hint - add new clients manually
You have to add new clients manually to prevent the existing configuration from being destroyed. If you are allowed to overwrite the existing configuration, see instructions below.
Overwriting the Existing Configuration¶
If you want to overwrite the existing configuration, proceed as follows.
-
Stop Keycloak:
plossys service stop seal-keycloak -
Remove the currently used package:
rpm -e seal-keycloak -
Remove the following directory manually:
sudo rm -rf /opt/seal/data/seal-keycloak -
Install the new package:
rpm -ivh seal-keycloak-4.5.0-60.x86_64.rpm