From eb225fc86fa8aba1d0c77c280f92b5744d98eaf8 Mon Sep 17 00:00:00 2001
From: Fabre Florian <ffabre@hybird.org>
Date: Thu, 7 Aug 2025 09:31:10 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(keycloak)=20Fix=20https=20required?=
 =?UTF-8?q?=20issue=20in=20dev=20mode?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On some environments keycloak returns a 'HTTPS required' message on login.
The same issue was fixed in drive by changing the 'sslRequired' value
from 'external' to 'none'.
Also upgrade keycloak up to 26.3.2

Signed-off-by: Fabre Florian <ffabre@hybird.org>
---
 CHANGELOG.md           |  1 +
 compose.yml            | 10 ++++------
 docker/auth/realm.json |  4 ++--
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0010ef6b..2662de97 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -71,6 +71,7 @@ and this project adheres to
 - 🐛(frontend) fix dnd conflict with tree and Blocknote #1328
 - 🐛(frontend) fix display bug on homepage #1332
 - 🐛link role update #1287
+- 🔧(keycloak) Fix https required issue in dev mode #1286
 
 ## [3.5.0] - 2025-07-31
 
diff --git a/compose.yml b/compose.yml
index 88e178e3..a774f11e 100644
--- a/compose.yml
+++ b/compose.yml
@@ -184,22 +184,20 @@ services:
       - env.d/development/kc_postgresql.local
 
   keycloak:
-    image: quay.io/keycloak/keycloak:20.0.1
+    image: quay.io/keycloak/keycloak:26.3
     volumes:
       - ./docker/auth/realm.json:/opt/keycloak/data/import/realm.json
     command:
       - start-dev
       - --features=preview
       - --import-realm
-      - --proxy=edge
-      - --hostname-url=http://localhost:8083
-      - --hostname-admin-url=http://localhost:8083/
+      - --hostname=http://localhost:8083
       - --hostname-strict=false
-      - --hostname-strict-https=false
       - --health-enabled=true
       - --metrics-enabled=true
     healthcheck:
-      test: ["CMD", "curl", "--head", "-fsS", "http://localhost:8080/health/ready"]
+      test: ['CMD-SHELL', 'exec 3<>/dev/tcp/localhost/9000; echo -e "GET /health/live HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" >&3; grep "HTTP/1.1 200 OK" <&3']
+      start_period: 5s
       interval: 1s
       timeout: 2s
       retries: 300
diff --git a/docker/auth/realm.json b/docker/auth/realm.json
index db5f1be0..c5f265a4 100644
--- a/docker/auth/realm.json
+++ b/docker/auth/realm.json
@@ -26,7 +26,7 @@
   "oauth2DeviceCodeLifespan": 600,
   "oauth2DevicePollingInterval": 5,
   "enabled": true,
-  "sslRequired": "external",
+  "sslRequired": "none",
   "registrationAllowed": true,
   "registrationEmailAsUsername": false,
   "rememberMe": true,
@@ -2270,7 +2270,7 @@
     "cibaInterval": "5",
     "realmReusableOtpCode": "false"
   },
-  "keycloakVersion": "20.0.1",
+  "keycloakVersion": "26.3.2",
   "userManagedAccessAllowed": false,
   "clientProfiles": {
     "profiles": []