chore(examples): update keycloak to v25 (#2706)

---------

Co-authored-by: tuunit <jan@larwig.com>

contrib/local-environment/docker-compose-keycloak.yaml

@@ -43,23 +43,18 @@ services:
 
   keycloak:
     container_name: keycloak
-    image: jboss/keycloak:10.0.2
+    image: keycloak/keycloak:25.0.1-0
     hostname: keycloak
     command:
-      [
+      - 'start-dev'
-        '-b',
+      - '--http-port=9080'
-        '0.0.0.0',
+      - '--import-realm'
-        '-Djboss.socket.binding.port-offset=1000',
-        '-Dkeycloak.migration.action=import',
-        '-Dkeycloak.migration.provider=dir',
-        '-Dkeycloak.migration.dir=/realm-config',
-        '-Dkeycloak.migration.strategy=IGNORE_EXISTING'
-      ]
     volumes:
-      - ./keycloak:/realm-config
+      - ./keycloak:/opt/keycloak/data/import
     environment:
-      KEYCLOAK_USER: admin@example.com
+      KC_HTTP_PORT: 9080
-      KEYCLOAK_PASSWORD: password
+      KEYCLOAK_ADMIN: admin@example.com
+      KEYCLOAK_ADMIN_PASSWORD: password
     ports:
       - 9080:9080/tcp
     networks:

contrib/local-environment/keycloak/oauth2-proxy-realm.json

@@ -1,6 +1,6 @@
 {
-  "id": "master",
+  "id": "oauth2-proxy",
-  "realm": "master",
+  "realm": "oauth2-proxy",
   "displayName": "Keycloak",
   "displayNameHtml": "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
   "notBefore": 0,
@@ -48,7 +48,7 @@
         "description": "${role_offline-access}",
         "composite": false,
         "clientRole": false,
-        "containerId": "master",
+        "containerId": "oauth2-proxy",
         "attributes": {}
       },
       {
@@ -61,7 +61,7 @@
             "create-realm"
           ],
           "client": {
-            "master-realm": [
+            "oauth2-proxy-realm": [
               "query-groups",
               "create-client",
               "query-realms",
@@ -84,7 +84,7 @@
           }
         },
         "clientRole": false,
-        "containerId": "master",
+        "containerId": "oauth2-proxy",
         "attributes": {}
       },
       {
@@ -93,7 +93,7 @@
         "description": "${role_uma_authorization}",
         "composite": false,
         "clientRole": false,
-        "containerId": "master",
+        "containerId": "oauth2-proxy",
         "attributes": {}
       },
       {
@@ -102,7 +102,7 @@
         "description": "${role_create-realm}",
         "composite": false,
         "clientRole": false,
-        "containerId": "master",
+        "containerId": "oauth2-proxy",
         "attributes": {}
       }
     ],
@@ -122,7 +122,7 @@
           "attributes": {}
         }
       ],
-      "master-realm": [
+      "oauth2-proxy-realm": [
         {
           "id": "a8271c2c-6437-4ca5-ae83-49ea5fe1318d",
           "name": "query-groups",
@@ -229,7 +229,7 @@
           "composite": true,
           "composites": {
             "client": {
-              "master-realm": [
+              "oauth2-proxy-realm": [
                 "query-groups",
                 "query-users"
               ]
@@ -273,7 +273,7 @@
           "composite": true,
           "composites": {
             "client": {
-              "master-realm": [
+              "oauth2-proxy-realm": [
                 "query-clients"
               ]
             }
@@ -439,7 +439,7 @@
       "clientId": "account",
       "name": "${client_account}",
       "rootUrl": "${authBaseUrl}",
-      "baseUrl": "/realms/master/account/",
+      "baseUrl": "/realms/oauth2-proxy/account/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
@@ -450,7 +450,7 @@
         "manage-account"
       ],
       "redirectUris": [
-        "/realms/master/account/*"
+        "/realms/oauth2-proxy/account/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -486,14 +486,14 @@
       "clientId": "account-console",
       "name": "${client_account-console}",
       "rootUrl": "${authBaseUrl}",
-      "baseUrl": "/realms/master/account/",
+      "baseUrl": "/realms/oauth2-proxy/account/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "secret": "91f85142-ee18-4e30-9949-e5acb701bdee",
       "redirectUris": [
-        "/realms/master/account/*"
+        "/realms/oauth2-proxy/account/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -616,8 +616,8 @@
     },
     {
       "id": "7174c175-1887-4e57-b95b-969fe040deff",
-      "clientId": "master-realm",
+      "clientId": "oauth2-proxy-realm",
-      "name": "master Realm",
+      "name": "oauth2-proxy Realm",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
@@ -711,14 +711,14 @@
       "clientId": "security-admin-console",
       "name": "${client_security-admin-console}",
       "rootUrl": "${authAdminUrl}",
-      "baseUrl": "/admin/master/console/",
+      "baseUrl": "/admin/oauth2-proxy/console/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "secret": "b234b7aa-8417-410f-b3fd-c57434d3aa4a",
       "redirectUris": [
-        "/admin/master/console/*"
+        "/admin/oauth2-proxy/console/*"
       ],
       "webOrigins": [
         "+"

contrib/local-environment/keycloak/oauth2-proxy-users-0.json

@@ -1,5 +1,5 @@
 {
-  "realm": "master",
+  "realm": "oauth2-proxy",
   "users": [
     {
       "id": "3356c0a0-d4d5-4436-9c5a-2299c71c08ec",

contrib/local-environment/oauth2-proxy-keycloak.cfg

@@ -2,8 +2,8 @@ http_address="0.0.0.0:4180"
 cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
 email_domains="example.com"
 cookie_secure="false"
-upstreams="http://httpbin.localtest.me:8080"
+upstreams="http://httpbin"
-cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains.
+cookie_domains=["oauth2-proxy.localtest.me:4080", "httpbin.localtest.me:8080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains.
 whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.
 
 # keycloak provider
@@ -12,7 +12,7 @@ client_id="oauth2-proxy"
 redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
 
 # in this case oauth2-proxy is going to visit
-# http://keycloak.localtest.me:9080/auth/realms/master/.well-known/openid-configuration for configuration
+# http://keycloak.localtest.me:9080/realms/oauth2-proxy/.well-known/openid-configuration for configuration
-oidc_issuer_url="http://keycloak.localtest.me:9080/auth/realms/master"
+oidc_issuer_url="http://keycloak.localtest.me:9080/realms/oauth2-proxy"
 provider="oidc"
 provider_display_name="Keycloak"