V20.0.3 - docker-compose - feature installation issues

Hey all,
Trying to figure out what I’m doing here.
I’m trying to set up Keycloak 20.0.3 running in a Docker container; I’m using docker-compose.
Database: postgres
Backend: FreeIPA
I’ve had everything working etc., auth working fine etc.
When I specify features I’d like to use via either --features or KC_FEATURES they don’t get installed.

I’ve tried:
Specifying envs via the .env file in the compose file
Building an image with a Dockerfile
Specifying the envs in the compose file directly

Every time I load up the admin console, the features are all listed as disabled. I specifically check for a feature called declarative-user-profile, which should appear in the realm page under "User Profile"; this tab is always missing.

My compose as it currently stands:

    image: keycloak:local
    env_file: $DOCKERDIR/keycloak/keycloak.env
    container_name: keycloak
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
    # command: 
    #   - start --optimized
    networks:
      default:
    links: 
      - postgres
    ports:
      - "8085:8080"
    depends_on:
      postgres:
        condition: service_healthy
    logging:
      driver: "json-file"
      options:
        max-size: "500m"

My Dockerfile:

FROM quay.io/keycloak/keycloak:latest as builder

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_DB=postgres
ENV KC_DB_SCHEMA=public
ENV KC_DB_USERNAME=<REDACTED>
ENV KC_DB_PASSWORD=<REDACTED>
ENV KC_DB_URL="jdbc:postgresql://<REDACTED>:5432/<REDACTED>"
ENV KC_DB_URL_PROPERTIES="verifyServerCertificate=false&ssl=allow"
ENV KC_HTTP_RELATIVE_PATH=/
FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak

RUN /opt/keycloak/bin/kc.sh build --db postgres --features authorization --features account2 --features account-api --features admin-fine-grained-authz --features admin-api --features admin --features admin2 --features docker --features impersonation --features openshift-integration --features scripts --features token-exchange --features web-authn --features client-policies --features ciba --features map-storage --features par --features declarative-user-profile --features dynamic-scopes --features client-secret-rotation --features step-up-authentication --features recovery-codes --features update-email --features js-adapter
# Exec form: each argument must be its own array element
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "-v", "start", "--optimized"]

My .env file:

KEYCLOAK_ADMIN_PASSWORD=<REDACTED>
KEYCLOAK_ADMIN=<REDACTED>
KC_LOG_LEVEL=DEBUG
KC_DB=<REDACTED>
#KC_DB_ADDR=<REDACTED>
#KC_DB_URL_PORT=5432
#KC_DB_DATABASE=<REDACTED>
KC_DB_SCHEMA=public
KC_DB_USERNAME=<REDACTED>
KC_DB_PASSWORD=<REDACTED>
KC_DB_URL="jdbc:postgresql://<REDACTED>:5432/<REDACTED>"
KC_DB_URL_PROPERTIES="verifyServerCertificate=false&ssl=allow"
KC_PROXY_ADDRESS_FORWARDING="true"
KC_HOSTNAME=<REDACTED>
KC_PROXY="edge"
KC_TRUST_PROXY_VERIFICATION="true"
#KC_HEALTH_ENABLED=true
#KC_METRICS_ENABLED=true
KC_LOG_CONSOLE_COLOR=true
#KC_HTTP_RELATIVE_PATH=/
#KC_FEATURES=authorization, account2, account-api, admin-fine-grained-authz, admin-api, admin, admin2, docker, impersonation, openshift-integration, scripts, token-exchange, web-authn, client-policies, ciba, map-storage, par, declarative-user-profile, dynamic-scopes, client-secret-rotation, step-up-authentication, recovery-codes, update-email, js-adapter, preview

Not very sure about that, but I suppose you need to use comma-separated values.

KC_FEATURES=authorization,account2,account-api,admin-fine-grained-authz

or

/opt/keycloak/bin/kc.sh build --db postgres --features authorization

Hey @weltonrodrigo, thanks for replying.
I managed to figure it out.
The main issue was I needed to remove the default features and the “map-storage” feature.
I got to this by trial and error, removing each feature one by one.
I wish there was a way we could see the faulting feature in the docker build.

I ended up using an .env file for the parameters, FYI.

KEYCLOAK_ADMIN_PASSWORD=<ADMINPASSWORD>
KEYCLOAK_ADMIN=<ADMINUSERNAME>
KC_LOG_LEVEL=DEBUG
KC_DB=<DATABASETYPE> #i.e postgres
KC_DB_ADDR=<DATABASEADDRESS> #i.e Hostname or ip address
KC_DB_URL_PORT=5432
KC_DB_DATABASE=<DATABASENAME>
KC_DB_SCHEMA=public
KC_DB_USERNAME=<DBUSER>
KC_DB_PASSWORD=<DBPASSWORD>
KC_DB_URL="jdbc:postgresql://<SERVER>:5432/<DATABASENAME>"
KC_DB_URL_PROPERTIES="verifyServerCertificate=false&ssl=allow"
KC_PROXY_ADDRESS_FORWARDING="true"
KC_HOSTNAME="a<URL>"
KC_PROXY="edge"
KC_TRUST_PROXY_VERIFICATION="true"
KC_HEALTH_ENABLED=true
KC_METRICS_ENABLED=true
KC_LOG_CONSOLE_COLOR=true
KC_HTTP_RELATIVE_PATH=/
KC_FEATURES=admin-fine-grained-authz,scripts,token-exchange,declarative-user-profile,dynamic-scopes,client-secret-rotation,recovery-codes,update-email

Ignore this, I figured it all out in the end.

Turns out certain features cause the setup to fail and the errors produced weren’t helpful; I ended up taking them away one by one and trying again to get the ones that worked.
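
The one-by-one elimination described in this thread can be scripted. The following is an added example, not code from the posters or the Keycloak project; it assumes the check command (here the `kc.sh build` call from the Dockerfile above) exits non-zero when it rejects a feature set, and `KC_SH`, `try_build` and `find_failing_features` are hypothetical names.

```shell
#!/bin/sh
# Added example: greedy one-by-one feature elimination for a Keycloak build.
# Assumption: the check command exits non-zero when it rejects a feature set.

# try_build LIST -- run the check for one comma-separated feature list.
# KC_SH is a hypothetical override for the kc.sh path (not a Keycloak setting).
try_build() {
    "${KC_SH:-/opt/keycloak/bin/kc.sh}" build --db postgres --features "$1"
}

# find_failing_features "a, b,c" -- add candidates one at a time and keep a
# candidate only if the build still succeeds with it included.
find_failing_features() {
    good=""
    bad=""
    # Accept both "a,b" and "a, b": split on commas and whitespace.
    for f in $(printf '%s' "$1" | tr ',' ' '); do
        trial="${good:+$good,}$f"
        if try_build "$trial" >/dev/null 2>&1; then
            good="$trial"
        else
            bad="${bad:+$bad,}$f"
        fi
    done
    # Emit a normalized value (no spaces) plus the features that broke the build.
    printf 'KC_FEATURES=%s\nREJECTED=%s\n' "$good" "$bad"
}

# Run only when a candidate list is passed as the first argument.
if [ "$#" -gt 0 ]; then
    find_failing_features "$1"
fi
```

A feature listed under `REJECTED` failed together with the features accepted before it, so reordering the candidate list tests a different combination.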