ocis_keycloak: Enable backchannel logout for "web" client

This enables backchannel logout for the "web" client. Also this bumps keycloak to 21.1
2025-12-30 17:00:57 -06:00 · 2023-04-24 15:47:53 +02:00
parent 9bf4b3eb18
commit 3baeee3b73
2 changed files with 13 additions and 6 deletions
--- a/deployments/examples/ocis_keycloak/config/keycloak/ocis-realm.dist.json
+++ b/deployments/examples/ocis_keycloak/config/keycloak/ocis-realm.dist.json
@@ -464,8 +464,9 @@
  "otpPolicyPeriod": 30,
  "otpPolicyCodeReusable": false,
  "otpSupportedApplications": [
-    "totpAppFreeOTPName",
-    "totpAppGoogleName"
+    "totpAppMicrosoftAuthenticatorName",
+    "totpAppGoogleName",
+    "totpAppFreeOTPName"
  ],
  "webAuthnPolicyRpEntityName": "keycloak",
  "webAuthnPolicySignatureAlgorithms": [
@@ -1113,6 +1114,8 @@
    {
      "id": "54b18eca-cf79-4263-9db9-2d79f8a1c831",
      "clientId": "web",
+      "name": "",
+      "description": "",
      "rootUrl": "https://ocis.owncloud.test",
      "adminUrl": "https://ocis.owncloud.test",
      "baseUrl": "",
@@ -1142,10 +1145,13 @@
        "saml.multivalued.roles": "false",
        "saml.encrypt": "false",
        "post.logout.redirect.uris": "+",
+        "oauth2.device.authorization.grant.enabled": "false",
        "backchannel.logout.revoke.offline.tokens": "false",
        "saml.server.signature": "false",
        "saml.server.signature.keyinfo.ext": "false",
        "exclude.session.state.from.auth.response": "false",
+        "oidc.ciba.grant.enabled": "false",
+        "backchannel.logout.url": "https://ocis.owncloud.test/backchannel_logout",
        "backchannel.logout.session.required": "true",
        "client_credentials.use_refresh_token": "false",
        "saml_force_name_id_format": "false",
@@ -1692,7 +1698,8 @@
          "consentRequired": false,
          "config": {
            "id.token.claim": "true",
-            "access.token.claim": "true"
+            "access.token.claim": "true",
+            "userinfo.token.claim": "true"
          }
        }
      ]
@@ -2590,7 +2597,7 @@
    "cibaInterval": "5",
    "realmReusableOtpCode": "false"
  },
-  "keycloakVersion": "20.0.5",
+  "keycloakVersion": "21.1.0",
  "userManagedAccessAllowed": false,
  "clientProfiles": {
    "profiles": []
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -102,10 +102,10 @@ services:
    restart: always

  keycloak:
-    image: quay.io/keycloak/keycloak:20.0
+    image: quay.io/keycloak/keycloak:21.1
    networks:
      ocis-net:
-    command: ["start", "--proxy edge", "--import-realm"]
+    command: ["start", "--proxy edge", "--spi-connections-http-client-default-disable-trust-manager=${INSECURE:-false}", "--import-realm"]
    entrypoint: ["/bin/sh", "/opt/keycloak/bin/docker-entrypoint-override.sh"]
    volumes:
      - "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"