Keycloak 26.0.0

[ma1uta]

What this PR does / why we need it:

Add support for Keycloak 26.0.0

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #1160

Special notes for your reviewer:

PR Readiness Checklist:

Complete these before marking the PR as ready to review:

• the CHANGELOG.md release notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR

[francis-pouatcha]

Can you please update the change log.

[thomasdarimont]

I just tested this branch and it worked for me.

However, I didn't test any KC26 specific configuration.

[thomasdarimont]

I also think we can drop the support for KC 18.x with the upgrade to KC26.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[SmithJosh]

Tested and this works for us as well. There was one bug we noticed though caused by this change in Keycloak 26 https://www.keycloak.org/docs/latest/release_notes/index.html#identity-providers-no-longer-available-from-the-realm-representation. The realm representation no longer contains identity provider mappers and so keycloak-config-cli tries to recreate them even if they already exist

[thomasdarimont]

Tested and this works for us as well. There was one bug we noticed though caused by this change in Keycloak 26 keycloak.org/docs/latest/release_notes/index.html#identity-providers-no-longer-available-from-the-realm-representation. The realm representation no longer contains identity provider mappers and so keycloak-config-cli tries to recreate them even if they already exist

I also stumbled upon this, according to https://www.keycloak.org/docs/26.0.2/upgrading/#identity-providers-no-longer-available-from-the-realm-representation we now need to query the endpoint /realms/{realm}/identity-provider/instances to handle this.

@SmithJosh I just gave this another try and it worked for me.

I did the following:

• Created a fresh KC 26.0.2 env
• I applied a realm config without IdPs
• I added two IdPs to the realm config and applied the config -> IdPs were created correctly in the realm
• Changed the display name of the IdP in realm config to trigger an update -> IdPs were updated correctly in the realm
• I commented out one IdP in the realm config, applied the config -> IdP was removed
• Manually added the IdP in the UI again
• I removed the comment from the IdP in realm config, applied the config -> IdP was updated again

Which IdP update scenario did not work for you?
I found a few places where org.keycloak.representations.idm.RealmRepresentation#getIdentityProviders() is used, e.g. de.adorsys.keycloak.config.factory.UsedAuthenticationFlowWorkaroundFactory.UsedAuthenticationFlowWorkaround#disableFirstBrokerLoginFlowsIfNeeded(..).
I think those usages (except RealmImport) have to be adapted to the new API, e.g. change:

List<IdentityProviderRepresentation> identityProviders = existingRealm.getIdentityProviders();
...

To:

List<IdentityProviderRepresentation> identityProviders = identityProviderRepository.getAll(existingRealm.getRealm());

[thomasdarimont]

I updated my branch https://github.com/thomasdarimont/keycloak-config-cli/tree/update/keycloak-26.0.x with the fixed IdentityProviders lookup.

[thomasdarimont]

I spent some time on this today but need to do other stuff now. I needed to adjust several other things as well (IdentityProviderMappers handling), see the latest commits in my branch.

Almost there: