diff --git a/README.md b/README.md index 4956109830b740f67fbc05b6462b39f73e9a1cbf..6db1c9fe89a2f6deeacdc53bf462c1f2b9659171 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,9 @@ keycloak_welcome_theme: "keycloak" mysql_credential_file: debian: '/etc/mysql/debian.cnf' +### Export old user data from Widly Installations ; + +`bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/root/keycloak-user/` Dependencies ------------ diff --git a/files/module-mariadb.xml b/files/module-mariadb.xml deleted file mode 100644 index eb195122a207c9985f4283f210a87794bdd2c6c9..0000000000000000000000000000000000000000 --- a/files/module-mariadb.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" ?> -<module xmlns="urn:jboss:module:1.3" name="org.mariadb.jdbc"> - - <resources> - <resource-root path="/usr/share/java/mariadb-java-client.jar"/> - </resources> - - <dependencies> - <module name="javax.api"/> - <module name="javax.transaction.api"/> - </dependencies> -</module> diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 24534609a65376e52e37ab8b6fd4561cf5e5b650..a60c5d272471d9c21f487dcd3a81b7eb4dab3167 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -8,7 +8,5 @@ vars: - vault_keycloak_mysql_root_password: "hello world" - vault_keycloak_db_pwd: "hello world" - - keycloak_version: "16.1.1" - - keycloak_previous_version: "16.1.0" - # - keycloak_version: "16.1.0" - # - keycloak_previous_version: "15.0.2" + # - keycloak_version: "16.1.1" + # - keycloak_previous_version: "16.1.0" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index e5e75db80754f47b5b8c668050783b964fbead27..bb7cb8a06918435e738a1a13660b481817decf1a 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
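Review bot: The molecule scenario no longer exercises the update path: tasks/main.yml in this same commit gates `update-service.yml` on `keycloak_previous_version is defined`, and this hunk comments that variable out of converge.yml, so the upgrade block only ever prints the "no update" message under test. If that is intentional, a second scenario (or a scenario variable) that sets `keycloak_previous_version` would keep the upgrade tasks under test; update-service.yml's own `when: is_there_an_existing_keycloak.stat.exists` already makes the version-set case safe on a fresh box. `keycloak_version` is also left undefined here, so the scenario now depends on a default that is not visible in this diff.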
@@ -8,8 +8,10 @@ driver: platforms: - name: instance box: debian/bullseye64 - memory: 512 - cpus: 1 + memory: 2048 + cpus: 2 + instance_raw_config_args: + - "vm.network 'forwarded_port', guest: 8080, host: 8088" provisioner: name: ansible verifier: diff --git a/tasks/install-configuration.yml b/tasks/install-configuration.yml index 001317f315d565ee8fbeb0ec480aff06fffe23c7..dbc0b90dbf3bf8db1f9b67eaa01605b6dbfad6dd 100644 --- a/tasks/install-configuration.yml +++ b/tasks/install-configuration.yml @@ -1,9 +1,10 @@ --- +# Update -- name : Configuring Keycloak +- name: Configuring Keycloak template: - src: standalone-ha.xml.j2 - dest: "{{ keycloak_config_dir }}/standalone-ha.xml" + src: keycloak.conf.j2 + dest: "{{ keycloak_config_dir }}/keycloak.conf" owner: root group: root mode: 0644 @@ -12,16 +13,13 @@ - reload systemd - restart keycloak -- name: Create Keycloak admin user +- name: Build the keycloak instance + become: yes command: args: argv: - - "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh" - - -r master - - -u "{{ keycloak_admin_user }}" - - -p "{{ keycloak_admin_password }}" - creates: "{{ keycloak_config_dir }}/keycloak-add-user.json" - become: yes - when: keycloak_create_admin is defined and (keycloak_create_admin | bool) - tags: - - skip_ansible_lint + - "{{ keycloak_jboss_home }}/bin/kc.sh" + - "build" + chdir: "{{ keycloak_jboss_home }}" +# Update + diff --git a/tasks/install-database.yml b/tasks/install-database.yml index c2b698fdc75e913230e15aba73fa440e7459d736..e5afe4a511a3b54a7c45e31320f80bf25194406f 100644 --- a/tasks/install-database.yml +++ b/tasks/install-database.yml @@ -3,6 +3,7 @@ # Adding the Java Database Driver - name : Installation of the latest Java OpenJDK Driver + become: yes package : name : - libmariadb-java @@ -11,6 +12,7 @@ # Creating the database user and password for keycloak - name: "Delete the anonymous user." + become: yes mysql_user: user: "" state: "absent" 
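Review bot: The new `forwarded_port` entry has no `host_ip`, so by Vagrant's default host port 8088 is bound on all host interfaces, and the test instance — provisioned with the literal `"hello world"` database passwords from converge.yml — becomes reachable from the host's network for as long as the scenario runs. Restricting it to loopback keeps the convenience of browsing the instance without exposing it: `- "vm.network 'forwarded_port', guest: 8080, host: 8088, host_ip: '127.0.0.1'"`. The value is raw Ruby passed through as a string, so the inner quoting must stay exactly as shown.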
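Review bot: The rendered `keycloak.conf` now carries `db-password={{ keycloak_db_pwd }}` (templates/keycloak.conf.j2 in this commit), but the template task keeps `owner: root`, `group: root`, `mode: 0644`, which leaves the database password readable by every local account. Since the unit runs as `{{ keycloak_service_user }}`, the file should be readable by the service group only: `group: "{{ keycloak_service_group }}"` and `mode: "0640"` (quoted, as the file/template modules recommend for octal modes). The second hunk removes the `add-user-keycloak.sh` task without a replacement, so a fresh install ends up with no admin account unless one is created elsewhere; the Quarkus distribution bootstraps the first admin from `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD` in the server's environment on first start, which is worth wiring in (and documenting where that value lands). The two `# Update` marker comments look like leftovers and should go.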
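Review bot: Every `become: yes` added in this file — and in install-configuration.yml, install-dependencies.yml, install-run-service.yml, install-service.yml and update-service.yml — uses the YAML 1.1 truthy spelling that yamllint's `truthy` rule and ansible-lint flag, while the role's own context lines already write `ignore_errors: true`; `become: true` keeps the file consistent with itself. The same applies to the new `update_cache: yes`, `enabled: yes`, `remote_src: yes` and `daemon_reload: yes` values elsewhere in this commit.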
@@ -20,6 +22,7 @@ ignore_errors: yes - name: "Removes the MySQL test database" + become: yes mysql_db: name: test state: absent @@ -29,6 +32,7 @@ ignore_errors: yes - name: "Add Database {{ keycloak_db_name }}." + become: yes mysql_db: name: "{{ keycloak_db_name }}" login_user: root @@ -37,6 +41,7 @@ state: present - name: "Configure the database user." + become: yes mysql_user: name: "{{ keycloak_db_admin }}" password: "{{ keycloak_db_pwd }}" diff --git a/tasks/install-dependencies.yml b/tasks/install-dependencies.yml index d4bc8a6434d2224e09bdc1f54068c19d958d1275..28db6171d2b2db7c60066f36bd0127a9e4a71b25 100644 --- a/tasks/install-dependencies.yml +++ b/tasks/install-dependencies.yml @@ -1,12 +1,19 @@ --- +- name: Updating APT cache + become: yes + apt: + update_cache: yes + + - name : Installation of the latest Java OpenJDK + become: yes package : - name : - - default-jdk + name : default-jdk state : latest - name : Installation of zip and tar + become: yes package : name : - zip @@ -14,6 +21,7 @@ state : latest - name : Installation of MariaDB + become: yes package : name : - mariadb-server diff --git a/tasks/install-run-service.yml b/tasks/install-run-service.yml index 5ca51685ce72dc7d4ed40588804f75ebe0697db5..9f82dafb7ed7cf1fa8040455f6f4cba43b574d88 100644 --- a/tasks/install-run-service.yml +++ b/tasks/install-run-service.yml @@ -1,13 +1,20 @@ --- - name: Installing the SystemD service script + become: yes template: src: "keycloak.service.j2" dest: "/etc/systemd/system/keycloak.service" owner: root group: root mode: 0644 - become: yes notify: - reload systemd - restart keycloak + +- name: Enable and start the SystemD service script + become: yes + service: + name: keycloak + state: started + enabled: yes diff --git a/tasks/install-service.yml b/tasks/install-service.yml index 76ecc6d8b01c3afcd1335d1b1cf0641ae10b5427..57aa448debc947ff31e816471c823682417d3ac2 100644 --- a/tasks/install-service.yml +++ b/tasks/install-service.yml 
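Review bot: `Updating APT cache` calls the `apt` module unconditionally while the sibling tasks use the distribution-neutral `package` module, so the role now fails at its first task on any non-Debian host and re-downloads the package index on every run. Guard and throttle it with `when: ansible_os_family == "Debian"` on the task and `cache_valid_time: 3600` under `apt:`, which skips the refresh when the lists are recent. The `name : default-jdk` spelling with a space before the colon is carried over from the removed lines; since the other task files write `name:`, this hunk is the place to normalise it.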
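Review bot: The new `Enable and start the SystemD service script` task hard-codes `name: keycloak`, whereas the rest of the role addresses the unit as `{{ keycloak_service_name }}`: update-service.yml stops it by that variable and the last hunk of install-service.yml installs the same `keycloak.service.j2` as `/etc/systemd/system/{{ keycloak_service_name }}.service`. With any other value of the variable this file writes a second unit at `/etc/systemd/system/keycloak.service` and starts that one rather than the unit the upgrade tasks manage; use `name: "{{ keycloak_service_name }}"` here and in the `dest:` of the template task above it, or drop one of the two duplicate template tasks. Note that the `restart keycloak` handler notified above still fires at the end of the play, so a first run will start the service here and restart it once more — harmless, but worth a comment.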
@@ -1,18 +1,17 @@ --- - -- name : Checking for existing installation +- name: Checking for existing installation of the same version stat: path: "{{ keycloak_jboss_home }}" register: existing_deploy - block: - - name: Stopping the old keycloak service + - name: Stopping the existing keycloak service systemd: name: "{{ keycloak_service_name }}" state: stopped ignore_errors: true - - name: Removing the old Keycloak deployment + - name: Removing the existing Keycloak deployment file: path: "{{ keycloak_jboss_home }}" state: absent @@ -23,7 +22,7 @@ path: "{{ keycloak_jboss_home }}" register: existing_deploy -- name: create Keycloak install location +- name: Create Keycloak install location file: dest: "{{ keycloak_base_path }}" state: directory @@ -32,13 +31,14 @@ become: yes - block: - - name: download Keycloak archive to target + - name: Download Keycloak archive to target get_url: url: "{{ keycloak_url }}" dest: "{{ keycloak_dest }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" - - name: extract Keycloak archive on target + + - name: Extract Keycloak archive on target unarchive: remote_src: yes src: "{{ keycloak_dest }}/{{ keycloak_archive }}" @@ -52,12 +52,14 @@ when: keycloak_archive_on_target - block: - - name: download Keycloak archive to local + - name: Download Keycloak archive to local delegate_to: localhost get_url: url: "{{ keycloak_url }}" dest: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}" + - name: extract Keycloak archive on local + become: yes unarchive: remote_src: no src: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}" 
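Review bot: `extract Keycloak archive on local` keeps its lowercase verb although the neighbouring task names in this commit were changed to `Download …`/`Extract …`, and the name is misleading: unlike its sibling download task it has no `delegate_to: localhost`, and `remote_src: no` only means the archive is pushed from the controller, so the extraction happens on the target (the task continues into the next hunk, where `creates: "{{ keycloak_jboss_home }}"` confirms this). A name such as `Extract locally downloaded Keycloak archive on target` would describe what it does.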
@@ -65,27 +67,12 @@ creates: "{{ keycloak_jboss_home }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" - become: yes notify: - restart keycloak when: not keycloak_archive_on_target -- name: Create MariaDB module directory - file: - dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/" - state: directory - owner: "{{ keycloak_service_user }}" - group: "{{ keycloak_service_group }}" - become: yes - -- name: Create module.xml for mariadb jdbc driver - copy: - src: "module-mariadb.xml" - dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/module.xml" - owner: "{{ keycloak_service_user }}" - group: "{{ keycloak_service_group }}" - - name: Add systemd unit file for keycloak service + become: yes template: src: "keycloak.service.j2" dest: "/etc/systemd/system/{{ keycloak_service_name }}.service" diff --git a/tasks/main.yml b/tasks/main.yml index d24ace5d29710e2ce99b152265daaef30a61fd73..cf670a4d62c9b45f89abc6bd1ed2543b88eb57aa 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,26 +1,31 @@ --- # tasks file for sso-lqdn -# We start by creating a keycloack user and home -- include: install-users.yml +- name: Creating a keycloack user and home + include_tasks: install-users.yml -# We're making sure Java and other deps are available on the system -- include: install-dependencies.yml +- name: Making sure Java and other deps are available on the system + include_tasks: install-dependencies.yml -# Get the database running -- include: install-database.yml +- name: Get the database running + include_tasks: install-database.yml -# Download and install the service from archive -- include: install-service.yml +- name: Download and install the service from archive + include_tasks: install-service.yml # Configure the service via configuration files - include: install-configuration.yml # Update the service -- include: update-service.yml +- name: Import data from previous versions and update the installation. + include_tasks: update-service.yml + when: keycloak_previous_version is defined + +- name: Warn the user if no update has been made + debug: + msg: "WARNING : No data will be imported from previous versions, no update done." + when: keycloak_previous_version is not defined # Launch the service - include: install-run-service.yml - - # --- As of here, the service should be running and accessible diff --git a/tasks/update-service.yml b/tasks/update-service.yml index 1b34e862e0690d6c4e3e469c8c6acd7ebd0c4f42..38d918ed23f9c171c5a518f21ab0751cf41947ca 100644 --- a/tasks/update-service.yml +++ b/tasks/update-service.yml 
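Review bot: The file now mixes `include_tasks` with the legacy `- include:` form for `install-configuration.yml` and `install-run-service.yml`, which this hunk leaves as context; `include` has been deprecated for years and is removed in recent ansible-core releases, so the remaining two should be converted the same way (`- name: Configure the service via configuration files` / `  include_tasks: install-configuration.yml`). `keycloack` in the first task name is a typo for `keycloak`. The warning task promises that no update will be done, but `Import data …` only checks that `keycloak_previous_version` is defined, so a defined-but-empty value still enters update-service.yml; `when: keycloak_previous_version | default('') | length > 0` (and its negation on the warning) would match the message.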
@@ -1,43 +1,64 @@ # Update the keycloak installation +- name: Checking for pre-existing installation + stat: + path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}" + register: is_there_an_existing_keycloak -# Stop the service -- name: Stopping the service for the update. - systemd: - name: "{{ keycloak_service_name }}" - state: stopped - ignore_errors: true - -# Delete the data/tx-object-store/ transaction directory -- name: Deleting the data/tx-object-store/ transaction directory - file: - path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone/data/tx-object-store/" - state: absent - -# Backup the old installation -#- name: Making a copy of the current installation -# NB: Not needed as we are installing to a new directory anyways. We don't touch -# the old directory. - -# Backup the database -- name: Backing up the of database - shell: mysqldump keycloak > /root/keycloak-backup-$(date --iso).sql - -# Upgrade the server -#- name: Upgrading the server with the new files -# This is actually reinstalling the files. - -# copy the KEYCLOAK_HOME/standalone/ directory from the previous installation over the directory in the new installation. -- name: Copying the standalone directory from the previous installation - copy: - src: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone" - dest: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}/standalone" - remote_src: yes - -# Run the upgrade script -# bin/jboss-cli.sh --file=bin/migrate-standalone-ha.cli -- name: Running the upgrade script - shell: "{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file={{ keycloak_jboss_home}}/bin/migrate-standalone-ha.cli" +- name: Printing status of pre-existing installation + debug: + msg: "{{ is_there_an_existing_keycloak }}" + +- name: Updating if needed + block: + # Stop the service + - name: Stopping the service for the update. 
+ become: yes + systemd: + name: "{{ keycloak_service_name }}" + state: stopped + ignore_errors: true + + # Delete the data/tx-object-store/ transaction directory + - name: Deleting the data/tx-object-store/ transaction directory + file: + path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone/data/tx-object-store/" + state: absent + + # Backup the old installation + #- name: Making a copy of the current installation + # NB: Not needed as we are installing to a new directory anyways. We don't touch + # the old directory. + + # Backup the database + - name: Backing up the of database + become: yes + shell: mysqldump keycloak > /root/keycloak-backup-$(date --iso).sql + + # Upgrade the server + #- name: Upgrading the server with the new files + # This is actually reinstalling the files. + + # copy the KEYCLOAK_HOME/standalone/ directory from the previous installation over the directory in the new installation. + - name: Copying the standalone directory from the previous installation + become: yes + copy: + src: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone" + dest: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}/standalone" + remote_src: yes + + # Run the upgrade script + # bin/jboss-cli.sh --file=bin/migrate-standalone-ha.cli + - name: Running the upgrade script + shell: "{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file={{ keycloak_jboss_home}}/bin/migrate-standalone-ha.cli" + + when: is_there_an_existing_keycloak.stat.exists + +- name: Update state + debug: + msg: "No update done." + when: not is_there_an_existing_keycloak.stat.exists - name: Force systemd to reread configs + become: yes ansible.builtin.systemd: daemon_reload: yes diff --git a/templates/keycloak.conf.j2 b/templates/keycloak.conf.j2 new file mode 100644 index 0000000000000000000000000000000000000000..5acab6d31793b92c6efb7368623880d460955bea --- /dev/null +++ b/templates/keycloak.conf.j2 
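Review bot: The upgrade block still performs WildFly-era steps — copying `standalone/` from the previous install into `keycloak-{{ keycloak_version }}/standalone` and running `{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file=…/migrate-standalone-ha.cli` — while the rest of this commit moves the role to the Quarkus distribution (`kc.sh build`, `kc.sh start`, `keycloak.conf`), which ships neither `bin/jboss-cli.sh` nor a `standalone/` tree; if `keycloak_jboss_home` now points at that distribution, the last task of the block fails whenever an existing installation is detected. The README hunk in this commit documents how to export data from the old server, so the block should import that export with the Quarkus tooling, or stop after the database backup and leave the import a documented manual step. Smaller points in the same block: `Running the upgrade script` is the only task that did not receive `become: yes`, and `Printing status of pre-existing installation` dumps the whole stat structure where `msg: "{{ is_there_an_existing_keycloak.stat.exists }}"` would do.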
@@ -0,0 +1,40 @@
+# Basic settings for running in production. Change accordingly before deploying the server.
+
+# Database
+
+# The database vendor.
+db=mariadb
+
+# The username of the database user.
+db-username={{ keycloak_db_admin }}
+
+# The password of the database user.
+db-password={{ keycloak_db_pwd }}
+
+# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
+db-url=jdbc:mariadb://localhost/keycloak
+
+# Observability
+
+# If the server should expose healthcheck endpoints.
+#health-enabled=true
+
+# If the server should expose metrics endpoints.
+#metrics-enabled=true
+
+# HTTP
+
+# The file path to a server certificate or certificate chain in PEM format.
+#https-certificate-file=${kc.home.dir}conf/server.crt.pem
+
+# The file path to a private key in PEM format.
+#https-certificate-key-file=${kc.home.dir}conf/server.key.pem
+
+# The proxy address forwarding mode if the server is behind a reverse proxy.
+#proxy=reencrypt
+
+# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
+#spi-sticky-session-encoder-infinispan-should-attach-route=false
+
+# Hostname for the Keycloak server.
+#hostname=myhostname
diff --git a/templates/keycloak.service.j2 b/templates/keycloak.service.j2
index db7eaf8eb0165b2f621ef78b15b88b0c792d5f5d..32e75dfb61c579e0a2aed6053e605a84e74d77ec 100644
--- a/templates/keycloak.service.j2
+++ b/templates/keycloak.service.j2
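Review bot: `db-url=jdbc:mariadb://localhost/keycloak` hard-codes the database name although install-database.yml creates it from `{{ keycloak_db_name }}` and the credentials two lines above come from `keycloak_db_admin`/`keycloak_db_pwd`; a deployment that sets `keycloak_db_name` to anything else gets a schema the server cannot reach. Use `db-url=jdbc:mariadb://localhost/{{ keycloak_db_name }}` so the three settings agree. Because this file now holds the database password in clear text, the mode the template task applies matters (see install-configuration.yml in this commit), and the `#hostname=` and `#https-*` lines left commented mean `kc.sh start` relies on defaults that nothing else in the diff sets.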
@@ -10,7 +10,7 @@ Environment="JBOSS_HOME={{ keycloak_jboss_home }}" Restart=always User={{ keycloak_service_user }} Group={{ keycloak_service_group }} -ExecStart={{ keycloak_jboss_home }}/bin/standalone.sh --server-config=standalone-ha.xml -b={{ keycloak_bind_address }} -Djboss.http.port={{ keycloak_http_port }} -Djboss.https.port={{ keycloak_https_port }} -Djboss.management.http.port={{ keycloak_management_http_port }} -Djboss.management.https.port={{ keycloak_management_https_port }} +ExecStart={{ keycloak_jboss_home }}/bin/kc.sh start TimeoutStartSec=600 TimeoutStopSec=600 diff --git a/templates/standalone-ha.xml.j2 b/templates/standalone-ha.xml.j2 deleted file mode 100644 index 6f478558afe28ab19e4db4bdbbe7607d0f030039..0000000000000000000000000000000000000000 --- a/templates/standalone-ha.xml.j2 +++ /dev/null 
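Review bot: `ExecStart={{ keycloak_jboss_home }}/bin/kc.sh start` runs Keycloak in production mode, which refuses to start unless a hostname is configured and either TLS material or `http-enabled=true` (behind a proxy) is provided; the new keycloak.conf.j2 leaves `hostname` and the `https-certificate-*` keys commented out and the molecule scenario forwards plain port 8080, so the test instance will most likely not come up as committed. Either set `hostname`, `http-enabled` and `proxy` in the template from role variables, or use `kc.sh start-dev` for the molecule scenario only. The removed line also passed `keycloak_bind_address`, `keycloak_http_port` and the management ports; those variables now have no effect, and `http-host`/`http-port` entries in keycloak.conf.j2 would be the place to keep them meaningful. The `Environment="JBOSS_HOME=…"` context line above is WildFly-specific and can be dropped.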
@@ -1,688 +0,0 @@ -<?xml version='1.0' encoding='UTF-8'?> - -<server xmlns="urn:jboss:domain:16.0"> - <extensions> - <extension module="org.jboss.as.clustering.infinispan"/> - <extension module="org.jboss.as.clustering.jgroups"/> - <extension module="org.jboss.as.connector"/> - <extension module="org.jboss.as.deployment-scanner"/> - <extension module="org.jboss.as.ee"/> - <extension module="org.jboss.as.ejb3"/> - <extension module="org.jboss.as.jaxrs"/> - <extension module="org.jboss.as.jmx"/> - <extension module="org.jboss.as.jpa"/> - <extension module="org.jboss.as.logging"/> - <extension module="org.jboss.as.mail"/> - <extension module="org.jboss.as.modcluster"/> - <extension module="org.jboss.as.naming"/> - <extension module="org.jboss.as.remoting"/> - <extension module="org.jboss.as.security"/> - <extension module="org.jboss.as.transactions"/> - <extension module="org.jboss.as.weld"/> - <extension module="org.keycloak.keycloak-server-subsystem"/> - <extension module="org.wildfly.extension.bean-validation"/> - <extension module="org.wildfly.extension.core-management"/> - <extension module="org.wildfly.extension.elytron"/> - <extension module="org.wildfly.extension.health"/> - <extension module="org.wildfly.extension.io"/> - <extension module="org.wildfly.extension.metrics"/> - <extension module="org.wildfly.extension.request-controller"/> - <extension module="org.wildfly.extension.security.manager"/> - <extension module="org.wildfly.extension.undertow"/> - </extensions> - <management> - <security-realms> - <security-realm name="ManagementRealm"> - <authentication> - <local default-user="$local" skip-group-loading="true"/> - <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> - </authentication> - <authorization map-groups-to-roles="false"> - <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> - </authorization> - </security-realm> - <security-realm name="ApplicationRealm"> - <server-identities> - <ssl> 
- <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/> - </ssl> - </server-identities> - <authentication> - <local default-user="$local" allowed-users="*" skip-group-loading="true"/> - <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> - </authentication> - <authorization> - <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> - </authorization> - </security-realm> - </security-realms> - <audit-log> - <formatters> - <json-formatter name="json-formatter"/> - </formatters> - <handlers> - <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/> - </handlers> - <logger log-boot="true" log-read-only="false" enabled="false"> - <handlers> - <handler name="file"/> - </handlers> - </logger> - </audit-log> - <management-interfaces> - <http-interface security-realm="ManagementRealm"> - <http-upgrade enabled="true"/> - <socket-binding http="management-http"/> - </http-interface> - </management-interfaces> - <access-control provider="simple"> - <role-mapping> - <role name="SuperUser"> - <include> - <user name="$local"/> - </include> - </role> - </role-mapping> - </access-control> - </management> - <profile> - <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/> - <subsystem xmlns="urn:jboss:domain:core-management:1.0"/> - <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0"> - <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:ee:6.0"> - <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement> - <concurrent> - <context-services> - <context-service name="default" 
jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/> - </context-services> - <managed-thread-factories> - <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/> - </managed-thread-factories> - <managed-executor-services> - <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/> - </managed-executor-services> - <managed-scheduled-executor-services> - <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/> - </managed-scheduled-executor-services> - </concurrent> - <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/> - </subsystem> - <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/> - <subsystem xmlns="urn:jboss:domain:io:3.0"> - <worker name="default"/> - <buffer-pool name="default"/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/> - <subsystem xmlns="urn:jboss:domain:jca:5.0"> - <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/> - <bean-validation enabled="true"/> - <default-workmanager> - <short-running-threads> - <core-threads count="50"/> - <queue-length count="50"/> - <max-threads count="50"/> - <keepalive-time time="10" unit="seconds"/> - </short-running-threads> - <long-running-threads> - <core-threads count="50"/> - <queue-length count="50"/> - <max-threads count="50"/> - <keepalive-time time="10" 
unit="seconds"/> - </long-running-threads> - </default-workmanager> - <cached-connection-manager/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:jmx:1.3"> - <expose-resolved-model/> - <expose-expression-model/> - <remoting-connector/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:jpa:1.1"> - <jpa default-extended-persistence-inheritance="DEEP"/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> - <web-context>auth</web-context> - <providers> - <provider>classpath:${jboss.home.dir}/providers/*</provider> - </providers> - <master-realm-name>master</master-realm-name> - <scheduled-task-interval>900</scheduled-task-interval> - <theme> - <staticMaxAge>2592000</staticMaxAge> - <cacheThemes>true</cacheThemes> - <cacheTemplates>true</cacheTemplates> - <dir>${jboss.home.dir}/themes</dir> - </theme> - <spi name="eventsStore"> - <provider name="jpa" enabled="true"> - <properties> - <property name="exclude-events" value="["REFRESH_TOKEN"]"/> - </properties> - </provider> - </spi> - <spi name="userCache"> - <provider name="default" enabled="true"/> - </spi> - <spi name="userSessionPersister"> - <default-provider>jpa</default-provider> - </spi> - <spi name="timer"> - <default-provider>basic</default-provider> - </spi> - <spi name="connectionsHttpClient"> - <provider name="default" enabled="true"/> - </spi> - <spi name="connectionsJpa"> - <provider name="default" enabled="true"> - <properties> - <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/> - <property name="initializeEmpty" value="true"/> - <property name="migrationStrategy" value="update"/> - <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/> - </properties> - </provider> - </spi> - <spi name="realmCache"> - <provider name="default" enabled="true"/> - </spi> - <spi name="connectionsInfinispan"> - <default-provider>default</default-provider> - <provider name="default" enabled="true"> - <properties> - <property 
name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/> - </properties> - </provider> - </spi> - <spi name="jta-lookup"> - <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider> - <provider name="jboss" enabled="true"/> - </spi> - <spi name="publicKeyStorage"> - <provider name="infinispan" enabled="true"> - <properties> - <property name="minTimeBetweenRequests" value="10"/> - </properties> - </provider> - </spi> - <spi name="x509cert-lookup"> - <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider> - <provider name="default" enabled="true"/> - </spi> - <spi name="hostname"> - <default-provider>default</default-provider> - <provider name="default" enabled="true"> - <properties> - <property name="frontendUrl" value="${keycloak.frontendUrl:}"/> - <property name="forceBackendUrlToFrontendUrl" value="false"/> - </properties> - </provider> - </spi> - </subsystem> - <subsystem xmlns="urn:jboss:domain:logging:8.0"> - <console-handler name="CONSOLE"> - <level name="INFO"/> - <formatter> - <named-formatter name="COLOR-PATTERN"/> - </formatter> - </console-handler> - <periodic-rotating-file-handler name="FILE" autoflush="true"> - <formatter> - <named-formatter name="PATTERN"/> - </formatter> - <file relative-to="jboss.server.log.dir" path="server.log"/> - <suffix value=".yyyy-MM-dd"/> - <append value="true"/> - </periodic-rotating-file-handler> - <logger category="com.arjuna"> - <level name="WARN"/> - </logger> - <logger category="io.jaegertracing.Configuration"> - <level name="WARN"/> - </logger> - <logger category="org.jboss.as.config"> - <level name="DEBUG"/> - </logger> - <logger category="sun.rmi"> - <level name="WARN"/> - </logger> - <root-logger> - <level name="INFO"/> - <handlers> - <handler name="CONSOLE"/> - <handler name="FILE"/> - </handlers> - </root-logger> - <formatter name="PATTERN"> - <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> - </formatter> - <formatter 
name="COLOR-PATTERN"> - <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> - </formatter> - </subsystem> - <subsystem xmlns="urn:jboss:domain:mail:4.0"> - <mail-session name="default" jndi-name="java:jboss/mail/Default"> - <smtp-server outbound-socket-binding-ref="mail-smtp"/> - </mail-session> - </subsystem> - <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/> - <subsystem xmlns="urn:jboss:domain:naming:2.0"> - <remote-naming/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:remoting:4.0"> - <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/> - <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> - <deployment-permissions> - <maximum-set> - <permission class="java.security.AllPermission"/> - </maximum-set> - </deployment-permissions> - </subsystem> - <subsystem xmlns="urn:jboss:domain:security:2.0"> - <security-domains> - <security-domain name="other" cache-type="default"> - <authentication> - <login-module code="Remoting" flag="optional"> - <module-option name="password-stacking" value="useFirstPass"/> - </login-module> - <login-module code="RealmDirect" flag="required"> - <module-option name="password-stacking" value="useFirstPass"/> - </login-module> - </authentication> - </security-domain> - <security-domain name="jboss-web-policy" cache-type="default"> - <authorization> - <policy-module code="Delegating" flag="required"/> - </authorization> - </security-domain> - <security-domain name="jaspitest" cache-type="default"> - <authentication-jaspi> - <login-module-stack name="dummy"> - <login-module code="Dummy" flag="optional"/> - </login-module-stack> - <auth-module code="Dummy"/> - </authentication-jaspi> - </security-domain> - <security-domain name="jboss-ejb-policy" cache-type="default"> - <authorization> - 
<policy-module code="Delegating" flag="required"/> - </authorization> - </security-domain> - </security-domains> - </subsystem> - <subsystem xmlns="urn:jboss:domain:jgroups:8.0"> - <channels default="ee"> - <channel name="ee" stack="udp" cluster="ejb"/> - </channels> - <stacks> - <stack name="udp"> - <transport type="UDP" socket-binding="jgroups-udp"/> - <protocol type="PING"/> - <protocol type="MERGE3"/> - <socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/> - <protocol type="FD_ALL"/> - <protocol type="VERIFY_SUSPECT"/> - <protocol type="pbcast.NAKACK2"/> - <protocol type="UNICAST3"/> - <protocol type="pbcast.STABLE"/> - <protocol type="pbcast.GMS"/> - <protocol type="UFC"/> - <protocol type="MFC"/> - <protocol type="FRAG3"/> - </stack> - <stack name="tcp"> - <transport type="TCP" socket-binding="jgroups-tcp"/> - <socket-protocol type="MPING" socket-binding="jgroups-mping"/> - <protocol type="MERGE3"/> - <socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/> - <protocol type="FD_ALL"/> - <protocol type="VERIFY_SUSPECT"/> - <protocol type="pbcast.NAKACK2"/> - <protocol type="UNICAST3"/> - <protocol type="pbcast.STABLE"/> - <protocol type="pbcast.GMS"/> - <protocol type="MFC"/> - <protocol type="FRAG3"/> - </stack> - </stacks> - </subsystem> - <subsystem xmlns="urn:jboss:domain:datasources:6.0"> - <datasources> - <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}"> - <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url> - <driver>h2</driver> - <security> - <user-name>sa</user-name> - <password>sa</password> - </security> - </datasource> - <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" 
statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}"> - <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url> - <driver>h2</driver> - <security> - <user-name>sa</user-name> - <password>sa</password> - </security> - </datasource> - <datasource jndi-name="java:jboss/datasources/KeycloakDS2" pool-name="KeycloakDS2" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}"> - <connection-url>jdbc:mariadb://localhost/keycloak?characterEncoding=UTF-8</connection-url> - <driver>mariadb</driver> - <pool> - <max-pool-size>100</max-pool-size> - </pool> - <security> - <user-name>{{ keycloak_db_admin }}</user-name> - <password>{{ keycloak_db_pwd }}</password> - </security> - </datasource> - <drivers> - <driver name="h2" module="com.h2database.h2"> - <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class> - </driver> - <driver name="mariadb" module="org.mariadb.jdbc"> - <xa-datasource-class>org.mariadb.jdbc.MariaDbDataSource</xa-datasource-class> - </driver> - </drivers> - </datasources> - </subsystem> - <subsystem xmlns="urn:jboss:domain:modcluster:5.0"> - <proxy name="default" advertise-socket="modcluster" listener="ajp"> - <dynamic-load-provider> - <load-metric type="cpu"/> - </dynamic-load-provider> - </proxy> - </subsystem> - <subsystem xmlns="urn:jboss:domain:ejb3:9.0"> - <session-bean> - <stateless> - <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/> - </stateless> - <stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/> - <singleton default-access-timeout="5000"/> - </session-bean> - <pools> - <bean-instance-pools> - <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> - <strict-max-pool name="slsb-strict-max-pool" 
derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> - </bean-instance-pools> - </pools> - <caches> - <cache name="simple"/> - <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/> - </caches> - <passivation-stores> - <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/> - </passivation-stores> - <async thread-pool-name="default"/> - <timer-service thread-pool-name="default" default-data-store="default-file-store"> - <data-stores> - <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/> - </data-stores> - </timer-service> - <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default"> - <channel-creation-options> - <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/> - </channel-creation-options> - </remote> - <thread-pools> - <thread-pool name="default"> - <max-threads count="10"/> - <keepalive-time time="60" unit="seconds"/> - </thread-pool> - </thread-pools> - <default-security-domain value="other"/> - <default-missing-method-permissions-deny-access value="true"/> - <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/> - <log-system-exceptions value="true"/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:infinispan:12.0"> - <cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan"> - <transport lock-timeout="60000"/> - <local-cache name="realms"> - <heap-memory size="10000"/> - </local-cache> - <local-cache name="users"> - <heap-memory size="10000"/> - </local-cache> - <distributed-cache name="sessions" owners="1"/> - <distributed-cache name="authenticationSessions" owners="1"/> - <distributed-cache name="offlineSessions" owners="1"/> - <distributed-cache name="clientSessions" owners="1"/> - <distributed-cache name="offlineClientSessions" owners="1"/> - <distributed-cache 
name="loginFailures" owners="1"/> - <local-cache name="authorization"> - <heap-memory size="10000"/> - </local-cache> - <replicated-cache name="work"/> - <local-cache name="keys"> - <heap-memory size="1000"/> - <expiration max-idle="3600000"/> - </local-cache> - <distributed-cache name="actionTokens" owners="2"> - <heap-memory size="-1"/> - <expiration max-idle="-1" interval="300000"/> - </distributed-cache> - </cache-container> - <cache-container name="server" aliases="singleton cluster" default-cache="default" modules="org.wildfly.clustering.server"> - <transport lock-timeout="60000"/> - <replicated-cache name="default"> - <transaction mode="BATCH"/> - </replicated-cache> - </cache-container> - <cache-container name="web" default-cache="dist" modules="org.wildfly.clustering.web.infinispan"> - <transport lock-timeout="60000"/> - <replicated-cache name="sso"> - <locking isolation="REPEATABLE_READ"/> - <transaction mode="BATCH"/> - </replicated-cache> - <distributed-cache name="dist"> - <locking isolation="REPEATABLE_READ"/> - <transaction mode="BATCH"/> - <file-store/> - </distributed-cache> - <distributed-cache name="routing"/> - </cache-container> - <cache-container name="ejb" aliases="sfsb" default-cache="dist" modules="org.wildfly.clustering.ejb.infinispan"> - <transport lock-timeout="60000"/> - <distributed-cache name="dist"> - <locking isolation="REPEATABLE_READ"/> - <transaction mode="BATCH"/> - <file-store/> - </distributed-cache> - </cache-container> - <cache-container name="hibernate" modules="org.infinispan.hibernate-cache"> - <transport lock-timeout="60000"/> - <local-cache name="local-query"> - <heap-memory size="10000"/> - <expiration max-idle="100000"/> - </local-cache> - <invalidation-cache name="entity"> - <transaction mode="NON_XA"/> - <heap-memory size="10000"/> - <expiration max-idle="100000"/> - </invalidation-cache> - <replicated-cache name="timestamps"/> - </cache-container> - </subsystem> - <subsystem xmlns="urn:jboss:domain:undertow:12.0" 
default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}"> - <buffer-cache name="default"/> - <server name="default-server"> - <ajp-listener name="ajp" socket-binding="ajp"/> - <http-listener name="default" read-timeout="30000" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true" enable-http2="true"/> - <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/> - <host name="default-host" alias="localhost"> - <location name="/" handler="welcome-content"/> - <http-invoker security-realm="ApplicationRealm"/> - </host> - </server> - <servlet-container name="default"> - <jsp-config/> - <websockets/> - </servlet-container> - <handlers> - <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/> - </handlers> - </subsystem> - <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> - <providers> - <aggregate-providers name="combined-providers"> - <providers name="elytron"/> - <providers name="openssl"/> - </aggregate-providers> - <provider-loader name="elytron" module="org.wildfly.security.elytron"/> - <provider-loader name="openssl" module="org.wildfly.openssl"/> - </providers> - <audit-logging> - <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/> - </audit-logging> - <security-domains> - <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper"> - <realm name="ApplicationRealm" role-decoder="groups-to-roles"/> - <realm name="local"/> - </security-domain> - <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper"> - <realm name="ManagementRealm" 
role-decoder="groups-to-roles"/> - <realm name="local" role-mapper="super-user-mapper"/> - </security-domain> - </security-domains> - <security-realms> - <identity-realm name="local" identity="$local"/> - <properties-realm name="ApplicationRealm"> - <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/> - <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> - </properties-realm> - <properties-realm name="ManagementRealm"> - <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/> - <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> - </properties-realm> - </security-realms> - <mappers> - <simple-permission-mapper name="default-permission-mapper" mapping-mode="first"> - <permission-mapping> - <principal name="anonymous"/> - <permission-set name="default-permissions"/> - </permission-mapping> - <permission-mapping match-all="true"> - <permission-set name="login-permission"/> - <permission-set name="default-permissions"/> - </permission-mapping> - </simple-permission-mapper> - <constant-realm-mapper name="local" realm-name="local"/> - <simple-role-decoder name="groups-to-roles" attribute="groups"/> - <constant-role-mapper name="super-user-mapper"> - <role name="SuperUser"/> - </constant-role-mapper> - </mappers> - <permission-sets> - <permission-set name="login-permission"> - <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/> - </permission-set> - <permission-set name="default-permissions"> - <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> - <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/> - <permission 
class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/> - </permission-set> - </permission-sets> - <http> - <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global"> - <mechanism-configuration> - <mechanism mechanism-name="DIGEST"> - <mechanism-realm realm-name="ManagementRealm"/> - </mechanism> - </mechanism-configuration> - </http-authentication-factory> - <provider-http-server-mechanism-factory name="global"/> - </http> - <sasl> - <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain"> - <mechanism-configuration> - <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> - <mechanism mechanism-name="DIGEST-MD5"> - <mechanism-realm realm-name="ApplicationRealm"/> - </mechanism> - </mechanism-configuration> - </sasl-authentication-factory> - <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain"> - <mechanism-configuration> - <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> - <mechanism mechanism-name="DIGEST-MD5"> - <mechanism-realm realm-name="ManagementRealm"/> - </mechanism> - </mechanism-configuration> - </sasl-authentication-factory> - <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron"> - <properties> - <property name="wildfly.sasl.local-user.default-user" value="$local"/> - </properties> - </configurable-sasl-server-factory> - <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global"> - <filters> - <filter provider-name="WildFlyElytron"/> - </filters> - </mechanism-provider-filtering-sasl-server-factory> - <provider-sasl-server-factory name="global"/> - </sasl> - <tls> - <key-stores> - <key-store name="applicationKS"> - <credential-reference clear-text="password"/> - <implementation 
type="JKS"/> - <file path="application.keystore" relative-to="jboss.server.config.dir"/> - </key-store> - </key-stores> - <key-managers> - <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost"> - <credential-reference clear-text="password"/> - </key-manager> - </key-managers> - <server-ssl-contexts> - <server-ssl-context name="applicationSSC" key-manager="applicationKM"/> - </server-ssl-contexts> - </tls> - </subsystem> - <subsystem xmlns="urn:jboss:domain:transactions:6.0"> - <core-environment node-identifier="${jboss.tx.node.id:1}"> - <process-id> - <uuid/> - </process-id> - </core-environment> - <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/> - <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/> - <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/> - </subsystem> - <subsystem xmlns="urn:jboss:domain:weld:4.0"/> - </profile> - <interfaces> - <interface name="management"> - <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> - </interface> - <interface name="private"> - <inet-address value="${jboss.bind.address.private:127.0.0.1}"/> - </interface> - <interface name="public"> - <inet-address value="${jboss.bind.address:127.0.0.1}"/> - </interface> - </interfaces> - <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> - <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> - <socket-binding name="http" port="${jboss.http.port:8080}"/> - <socket-binding name="https" port="${jboss.https.port:8443}"/> - <socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/> - <socket-binding name="jgroups-tcp" interface="private" port="7600"/> - <socket-binding name="jgroups-tcp-fd" 
interface="private" port="57600"/>
- <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
- <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
- <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
- <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
- <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
- <socket-binding name="proxy-https" port="443"/>
- <socket-binding name="txn-recovery-environment" port="4712"/>
- <socket-binding name="txn-status-manager" port="4713"/>
- <outbound-socket-binding name="mail-smtp">
- <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
- </outbound-socket-binding>
- </socket-binding-group>
-</server>
diff --git a/vars/main.yml b/vars/main.yml
index 2f438d5302b8571163436d9c48ca0bfc827ff181..1743586c4a9db12d05a19f77be6a6097be8ff07e 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -10,7 +10,7 @@ keycloak_base_path: "/opt/keycloak"
 keycloak_dest: "{{ keycloak_base_path }}"
 ## General settings
-keycloak_version: "15.0.2"
+keycloak_version: "18.0.1"
 # keycloak_previous_version: "13.0.0"
 keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
 keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
@@ -24,7 +24,7 @@ keycloak_db_pwd: "{{ vault_keycloak_db_pwd }}"
 keycloak_mysql_unix_socket: "/run/mysqld/mysqld.sock"
 # More General settings ( Optional )
 keycloak_jboss_home: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}"
-keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
+keycloak_config_dir: "{{ keycloak_jboss_home }}/conf"
 # If you want to create the admin user
 keycloak_create_admin: false
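Review bot: `keycloak_jboss_home` becomes a misleading name once `keycloak_version` is "18.0.1" (first hunk of this file): Keycloak 17 and later ship the Quarkus distribution, which has no JBoss/WildFly layout, and the new `{{ keycloak_jboss_home }}/conf` value only makes sense for that layout, so keep the key for compatibility but document it, e.g. `# Distribution root (name is historical: Keycloak >= 17 is Quarkus-based, no WildFly inside)`. `keycloak_create_admin: false` and its comment pass through unchanged, yet the legacy add-user script such a flag would drive is not part of the Quarkus layout; confirm a task still consumes it, otherwise an operator who enables it gets neither an admin account nor an error. Since `conf/` now holds `keycloak.conf`, which presumably carries the database password (`keycloak_db_pwd` is the hunk heading), whatever task templates it should install it with a mode that is not world-readable.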