Downgrade Keycloak to 23.0.7

[johnaohara]

Keycloak version was incompatible with services running SSO

Fixes Issue

Fixes: #2061

Changes proposed

Check List (Check all the applicable boxes)

• My code follows the code style of this project.
• My change requires changes to the documentation.
• I have updated the documentation accordingly.
• All new and existing tests passed.

[lampajr]

Hey @johnaohara, I am not 100% sure but I think that we are still bringing 25.0.2 version for keycloak (in some places):

[INFO] \- io.quarkus:quarkus-keycloak-admin-resteasy-client:jar:3.14.4:compile
....
[INFO]    +- org.keycloak:keycloak-admin-client:jar:25.0.2:compile

That might be the reason of the failure we see here.

[johnaohara]

@lampajr it's a mess after we upgraded quarkus :(

[johnaohara]

either we need to remove the dependency on quarkus-keycloak-admin-resteasy-client or only use Quarkus LTS releases

[lampajr]

it's a mess after we upgraded quarkus :(

+1

either we need to remove the dependency on quarkus-keycloak-admin-resteasy-client

I was trying this locally, but even if that works for the test I am not fully sure we won't introduce any bug by forcing quarkus-keycloak-admin-resteasy-client to use an older version of keycloak

only use Quarkus LTS releases

I think this will be something we should start considering..

[lampajr]

either we need to remove the dependency on quarkus-keycloak-admin-resteasy-client or only use Quarkus LTS releases

Both options are not so straightforward.. 😓

[lampajr]

Hey @johnaohara,

I tried locally and it looks working when starting from a fresh installation but it looks failing when starting from an existing db backup.

The thrown exception is:

Caused by: java.lang.RuntimeException: java.lang.RuntimeException: Unable to re-configure keycloak instance: jakarta.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
	at io.hyperfoil.tools.horreum.dev.services.deployment.HorreumDevServicesProcessor.startHorreumContainers(HorreumDevServicesProcessor.java:197)
	at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:732)
	at io.quarkus.deployment.ExtensionLoader$3.execute(ExtensionLoader.java:856)
	at io.quarkus.builder.BuildContext.run(BuildContext.java:256)
	at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
	at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2516)
	at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2495)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1521)
	at java.base/java.lang.Thread.run(Thread.java:840)
	at org.jboss.threads.JBossThread.run(JBossThread.java:483)
Caused by: java.lang.RuntimeException: Unable to re-configure keycloak instance: jakarta.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
	at io.hyperfoil.tools.horreum.infra.common.HorreumResources.startContainers(HorreumResources.java:163)
	at io.hyperfoil.tools.horreum.dev.services.deployment.HorreumDevServicesProcessor.startHorreumContainers(HorreumDevServicesProcessor.java:118)
	... 9 more

which seems expected but I don't get how you imagined the upgrade when a db is already existing 🤔

[johnaohara]

@lampajr i saw this error when re-using a prod backup that had been loaded in dev mode by current main or 0.15 branch. When I tested with a fresh backup it worked without error.

I think the with the current main branch, upgrading to keycloak 0.25.x will have modified the database tables, which are incompatible with 0.23.x, so downgrading keycloak on an already migrated database will break auth.

We need to be able to chose the keycloak version to maintain compatibility with production versions

[lampajr]

lgtm then!