Support Keycloak 17+

[morki]

Feature description

Keycloak 17

In Keycloak 17 the default distribution is powered by Quarkus and default endpoints has changed (removed the /auth prefix) so autoconfiguration of EndSessionEndpoint is failing.

See https://github.com/micronaut-projects/micronaut-security/pull/1009

Keycloak 18

In Keycloak 18 there are even bigger changes as shift to using standard OIDC logout and more. This means the KeycloakEndSessionEndpoint is not working anymore.

The behaviour is now following OIDC standard and is working exactly as OktaEndSessionEndpoint.

Proposed solution

Add new configuration property mode with following options:

• auto (actual behavior using EndSessionEndpointResolver, backward compatible, default value)
• standard (new behaviour, following the standard, using renamed OktaEndSessionEndpoint)

Example:

micronaut:
  security:
    oauth2:
      clients:
        internal:
          enabled: true
          client-id: xxx
          client-secret: xxx
          openid:
            issuer: xxx
            end-session:
              enabled: true
              mode: standard # <-- this is the new property

Current workaround for Keycloak 18

We successfuly tricked Micronaut to think that Keycloak is Okta by using ?okta suffix for issuer URL e.g. https://sso.xxx.com/realms/master?okta.