Skip to content

Important Changes

Version 23.0.0

This version upgrade comes with changes that affect other SEAL Systems products and services.

Java Version

Caution - Java 17 or later

Keycloak 23.0 requires Java 17 or later versions.

Keycloak Version 23.x requires Java 17 or later versions. As Keycloak 21.x runs with Java 17, too, we recommend you to start the update from 21.x to 23.x by updating the Java version first and then the Keycloak version.

\\ Double Backslash Under Windows

In the keycloak.conf configuration file, you are not allowed to use \\ double backslashes any more. You have to use / single slashes instead.

The update provides a corrected file, which is automatically installed.

If you need to reconfigue paths from the keycloak.conf.install-bak backup file, you have to change them manually.

Version 21.0.1

This version upgrade comes with changes that affect other SEAL Systems products and services.

... on the Client

Keycloak includes the following important changes:

  1. Hint - HTTPS only

    SEAL Port 32769 supports only HTTPS, no HTTP anymore!

  2. In your clients, e. g. PLOSSYS 5, SEAL Operator/SEAL Print Client, adjust the following environment keys by removing the auth directory from the URL:

    • AUTH_ISSUER_URL: The OIDC identity provider's auth issuer URL. This parameter is mandatory.

      Example - AUTH_ISSUER_URL

      • old value:

        AUTH_ISSUER_URL=https://mgmt_server:32769/auth/realms/SEAL

      • new value:

        AUTH_ISSUER_URL=https://mgmt_server:32769/realms/SEAL

    • ID_PROVIDER_NAME: The name of the OIDC identity provider. This parameter is required for some identity providers.

      Example - ID_PROVIDER_NAME

      • old value:

        ID_PROVIDER_NAME=https://mgmt_server:32769/auth/realms/SEAL

      • new value:

        ID_PROVIDER_NAME=https://mgmt_server:32769/realms/SEAL

    • KC_ADMIN_BASE_URL: The admin base URL, if you use Keycloak as OIDC provider for Web Portal, and if AUTH_PROVIDER is set to keycloak.

      Example - KC_ADMIN_BASE_URL

      • old value:

        KC_ADMIN_BASE_URL=https://localhost:32769/auth

      • new value:

        KC_ADMIN_BASE_URL=https://localhost:32769

... in Keycloak

The client configuration has been changed. The previous configuration has been extended by a new optional, internal seal-webportal client for the communication between Web Portal and other SEAL Operator connectors.

The client is preconfigered as follows:

  • Client Credential Flow is activated.

  • The client-secret is active.

Getting a Token

You can get a token by making test calls like the following:

  • easyPRIMA:

    curl -k -d "client_id=seal-easyprima" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "https://%HOSTNAME%:32769/realms/SEAL/protocol/openid-connect/token" -v

  • SEAL OP-CLI:

    curl -k -d "client_id=seal-opcli" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "https://%HOSTNAME%:32769/realms/SEAL/protocol/openid-connect/token" -v

  • PLOSSYS CLI:

    curl -k -d "client_id=seal-plossyscli" -d "username=<user_name>" -d "password=<password>" -d "grant_type=password" -d "client_secret=<client_secret>" "https://%HOSTNAME%:32769/realms/SEAL/protocol/openid-connect/token" -v

Hint - adding new clients manually

You have to add new clients manually to prevent the existing configuration from being destroyed.

If you are allowed to overwrite the existing configuration, see Configuring an External Keycloak.

Back to top