Skip to content

Important Changes

Version 23.0.0

This version upgrade comes with changes that affect other SEAL Systems products and services.

Java Version

Caution - Java 17 or later

Keycloak 23.0 requires Java 17 or later versions.

Keycloak Version 23.x requires Java 17 or later versions. As Keycloak 21.x runs with Java 17, too, we recommend you to start the update from 21.x to 23.x by updating the Java version first and then the Keycloak version.

Version 21.0.1

This version upgrade comes with changes that affect other SEAL Systems products and services.

... on the Client

Keycloak includes the following important changes:

  1. Hint - HTTPS only

    SEAL Port 32769 supports only HTTPS, no HTTP anymore!

  2. In your clients, e. g. PLOSSYS 5, SEAL Operator/SEAL Print Client, adjust the following environment keys by removing the auth directory from the URL:

    • AUTH_ISSUER_URL: The OIDC identity provider's auth issuer URL. This parameter is mandatory.

      Example - AUTH_ISSUER_URL

      • old value:

        AUTH_ISSUER_URL=https://mgmt_server:32769/auth/realms/SEAL

      • new value:

        AUTH_ISSUER_URL=https://mgmt_server:32769/realms/SEAL

    • ID_PROVIDER_NAME: The name of the OIDC identity provider. This parameter is required for some identity providers.

      Example - ID_PROVIDER_NAME

      • old value:

        ID_PROVIDER_NAME=https://mgmt_server:32769/auth/realms/SEAL

      • new value:

        ID_PROVIDER_NAME=https://mgmt_server:32769/realms/SEAL

    • KC_ADMIN_BASE_URL: The admin base URL, if you use Keycloak as OIDC provider for Web Portal, and if AUTH_PROVIDER is set to keycloak.

      Example - KC_ADMIN_BASE_URL

      • old value:

        KC_ADMIN_BASE_URL=https://localhost:32769/auth

      • new value:

        KC_ADMIN_BASE_URL=https://localhost:32769

... in Keycloak

The client configuration has been changed. The previous configuration has been extended by a new optional, internal seal-webportal client for the communication between Web Portal and other SEAL Operator connectors.

The client is preconfigered as follows:

  • Client Credential Flow is activated.

  • The client-secret is active.

Getting a Token

You can get a token by making test calls like the following:

  • easyPRIMA:

    curl -k -d "client_id=seal-easyprima" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "https://%HOSTNAME%:32769/realms/SEAL/protocol/openid-connect/token" -v

  • SEAL OP-CLI:

    curl -k -d "client_id=seal-opcli" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "https://%HOSTNAME%:32769/realms/SEAL/protocol/openid-connect/token" -v

  • PLOSSYS CLI:

    curl -k -d "client_id=seal-plossyscli" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "https://%HOSTNAME%:32769/realms/SEAL/protocol/openid-connect/token" -v

Hint - adding new clients manually

You have to add new clients manually to prevent the existing configuration from being destroyed.

If you are allowed to overwrite the existing configuration, see Configuring an External Keycloak.

Back to top