Thomas Darimont thomasdarimont

thomasdarimont / Dockerfile
Created Jun 13, 2022
PoC for improving startup time with class data sharing
View Dockerfile
FROM quay.io/keycloak/keycloak:18.0.0 as builder
USER 0
RUN microdnf remove -y java-11-openjdk-headless && \
    microdnf install -y java-17-openjdk-headless && \
    microdnf clean all && \
    rm -rf /var/cache/yum/* && \
    alternatives --set java $(alternatives --list | grep jre_17_openjdk | cut -d$'\t' -f3) || echo "ignore bad exit code"
thomasdarimont / IpAccessFilter.java
Last active Jun 13, 2022
PoC for an IP based access filter for Keycloak on Quarkus / Vertx
View IpAccessFilter.java
package com.github.thomasdarimont.keycloakx.custom.security;
import io.netty.handler.ipfilter.IpFilterRuleType;
import io.netty.handler.ipfilter.IpSubnetFilterRule;
import io.vertx.core.http.HttpServerRequest;
import lombok.Data;
import lombok.extern.jbosslog.JBossLog;
import org.keycloak.quarkus.runtime.configuration.Configuration;
import javax.ws.rs.ForbiddenException;
thomasdarimont / CustomHostnameProvider.java
Created May 19, 2022
Custom Keycloak Hostname Provider for Quarkus
View CustomHostnameProvider.java
package com.github.thomasdarimont.keycloak.hostname;
import com.google.auto.service.AutoService;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider;
import org.keycloak.urls.HostnameProvider;
import org.keycloak.urls.HostnameProviderFactory;
import org.keycloak.urls.UrlType;
thomasdarimont / keycloak-db-values.yaml
Last active May 17, 2022
Example for using codecentric helmchart with kind and nginx ingress controller
View keycloak-db-values.yaml
# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
global:
  postgresql:
    auth:
      username: dbusername
      password: dbpassword
      database: keycloak
thomasdarimont / docker-scan-output1.txt
Created May 9, 2022
Custom Keycloak.X Image docker scan output
View docker-scan-output1.txt
$ docker scan thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
Testing thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT...
Package manager: apk
Project name: docker-image|thomasdarimont/custom-keycloakx
Docker image: thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
Platform: linux/amd64
Base image: alpine:3.15.4
thomasdarimont / keycloak-18-custom-findings.txt
Last active May 8, 2022
CVEs reported in Keycloak Image quay.io/keycloak/keycloak:18.0.0 by aquasec/trivy
View keycloak-18-custom-findings.txt
docker run --privileged --rm -v /home/tom/.trivy/cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock:z aquasec/trivy:0.27.1 image thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
2022-05-07T11:40:04.324Z INFO Detected OS: redhat
2022-05-07T11:40:04.324Z INFO Detecting RHEL/CentOS vulnerabilities...
2022-05-07T11:40:04.356Z INFO Number of language-specific files: 1
2022-05-07T11:40:04.356Z INFO Detecting jar vulnerabilities...
thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT (redhat 8.5)
===========================================================
thomasdarimont / Main.java
Created May 6, 2022
PoC for Quarkus Jar Patcher
View Main.java
package demo;
import io.quarkus.bootstrap.app.AdditionalDependency;
import io.quarkus.bootstrap.app.CuratedApplication;
import io.quarkus.bootstrap.app.QuarkusBootstrap;
import io.quarkus.bootstrap.model.AppArtifactKey;
import io.quarkus.bootstrap.model.AppModel;
import io.quarkus.bootstrap.model.ApplicationModel;
import io.quarkus.bootstrap.model.DefaultApplicationModel;
import io.quarkus.bootstrap.model.MutableJarApplicationModel;
thomasdarimont / index.md
Last active Apr 28, 2022
Keycloak.X Dependencies (Keycloak 18 Snapshot)
View index.md
mvn  dependency:tree --also-make-dependents --projects quarkus/deployment,quarkus/dist,quarkus/runtime,quarkus/server
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for org.keycloak:keycloak-model-map-jpa:jar:999-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: jakarta.persistence:jakarta.persistence-api:jar -> duplicate declaration of version (?) @ line 54, column 21
[WARNING] 
thomasdarimont / readme.md
Created Apr 25, 2022
Keycloak 18.0.0 with new admin console
View readme.md

docker run \
  -it \
  --rm \
  --name kcx \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  -e KC_HTTP_RELATIVE_PATH=auth \
  -p 8080:8080 \
  quay.io/keycloak/keycloak:18.0.0 \
  start-dev

View readme.md
docker run -it --rm  mcr.microsoft.com/restlerfuzzer/restler:v7.4.0 dotnet /RESTler/restler/Restler.dll 

See also: microsoft/restler-fuzzer#371