Univention Bugzilla – Bug 56484
ldapsOnly option removed from Keycloak 22
Last modified: 2023-08-30 13:31:43 CEST
We used the ldapsOnly option for the truststore usage in Keycloak. This option has been removed and Keycloak will now default to "Always", which tracebacks. Probably a bug in Keycloak. We need to modify univention-keycloak to adjust this option in both realm "master" and realm "ucs".
Looks good, worked in manual tests, for the jenkins tests i need to merge/build this, will do that now and start the tests.
Successful build Package: univention-keycloak Version: 1.0.9-29 Branch: ucs_5.0-0 Scope: errata5.0-4
Jenkins Test for current version: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-4/view/Keycloak/job/Keycloak%20Product%20Tests/38/ Jenksin Test for keycloak 22: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-4/view/Keycloak/job/Keycloak%20Branch%20Tests/9/
OK - 22 Branch test (just a minor error in 10_legacy_authorization test_univention_keycloak_legacy_flow_config about some description attribute, we can fix that later) OK - 21 Product test (just a minor error in 05_univention-keycloak.test_upgrade_config_status because we did not yet change the version of the join script for keycloak 22, we have to do this for the next app update) This tells us that "useTruststoreSpi=never" works with keycloak 21 and 22.
<https://errata.software-univention.de/#/?erratum=5.0x791>