Univention Bugzilla – Bug 56747
Script which checks the migration status from SSPHP/OIDCP to Keycloak
Last modified: 2023-11-09 13:45:05 CET
For the upgrade to 5.2, we need a script that checks that the Keycloak migration has been done, as simpleSAMLphp / Kopano Konnect will be removed during the upgrade. There is no easy way to check it automatically - there might be one service where some clients are configured, e.g. some external ones. Keycloak being installed doesn't mean anything, it could just be an unsused installation. So during upgrade, we'll have to check if all saml/serviceproviders, oidc/rpservice objects have been removed and Keycloak has been installed in the domain. The script should also be able to delete those objects, and make an (ldif?) backup of them, just in case. Only after then, a customer can update. We'll put this in the migration guide as well. This script must be available in 5.0-5 and must be run in the preup check of 5.1.
Package: univention-keycloak Version: 1.0.9-32 Branch: ucs_5.0-0 Scope: errata5.0-5 User: jbremer d1369c3471a9502296a178a924f7bf37cc75b7f7 Bug #56747: Add migration status file A script has been added which checks if the Keycloak migration was done. It can also be used to remove all saml serviceprovider / oidc relying parties.
YAML: OK Package builds: OK Code: OK Tested: w/o Keycloak installed
<https://errata.software-univention.de/#/?erratum=5.0x874>