[keycloak-user] Problem with Keys

Karol Buler K.Buler at adbglobal.com
Tue Jan 2 11:47:00 EST 2018


Hi Marek,

thanks for the response!

Of course we use a specific docker image (at this moment 
jboss/keycloak-postgres:3.2.1.Final), so the database is persistent, but 
(checked twice) RSA and also HMAC from "Realm settings -> Keys" are 
different after rebooting Keycloak's docker. The only additional 
thing we do in the dockerfile is adding our User Federation's provider. Do 
you see any mistake that we could have made?

Karol


On 02.01.2018 17:21, Marek Posolda wrote:
> Hi,
>
> isn't the problem that your whole database is always "restarted" 
> during each keycloak reboot? Or that you always force reimport things? 
> If you use a docker image pointed to a shared database, you won't see this 
> problem though. We have docker images for databases like PostgreSQL, 
> MySQL AFAIR.
>
> Marek
>
> On 02/01/18 10:27, Karol Buler wrote:
>> Hi Keycloak community!
>>
>> At the beginning I would wish you a Happy New Year! :)
>>
>> About the problem... If we run Keycloak as a docker, every time Keycloak
>> is rebooted the Keys (Realm Setting -> Keys) are generated again. The result
>> is that each application which uses Keycloak's adapter throws a "Didn't
>> find publicKey for specified kid" error. This error occurs because the
>> Keys are not rotated in the right way, and the application does not know about
>> the rotation.
>>
>> Have you met this problem? What is your workaround? Is it an issue?
>>
>> Best regards,
>> Karol
>>
>
>
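Added example, not part of the original thread: a small check that tells a proper key rotation (old key still published next to the new one) from the regeneration described above, by comparing two JWKS snapshots of the realm's public keys taken before and after a restart. The snapshots, key IDs and token below are constructed, and it is an assumption of this sketch that a correct rotation keeps the old `kid` published.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def token_kid(jwt: str):
    """Return the 'kid' from a JWT header without verifying the signature."""
    seg = jwt.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    return header.get("kid")


def jwks_kids(jwks: dict) -> set:
    """Collect the key IDs published in a JWKS document."""
    return {k["kid"] for k in jwks.get("keys", []) if "kid" in k}


def compare_snapshots(before: dict, after: dict, token: str) -> dict:
    """Classify what happened to the realm keys between two JWKS snapshots."""
    old, new = jwks_kids(before), jwks_kids(after)
    if old == new:
        state = "unchanged"
    elif old <= new:
        state = "rotated"    # assumption: rotation keeps old keys published
    else:
        state = "replaced"   # an old key vanished: tokens signed with it fail
    kid = token_kid(token)
    return {"state": state, "token_kid": kid, "token_kid_published": kid in new,
            "dropped": sorted(old - new), "added": sorted(new - old)}


# Constructed sample data (hypothetical key IDs, not taken from the thread).
def _jwks(*kids):
    return {"keys": [{"kid": k, "kty": "RSA", "alg": "RS256", "use": "sig"}
                     for k in kids]}


BEFORE = _jwks("kid-A")
AFTER_REGENERATED = _jwks("kid-B")        # keys generated again on reboot
AFTER_ROTATED = _jwks("kid-A", "kid-B")   # old key kept beside the new one
TOKEN = ".".join([_b64url(json.dumps({"alg": "RS256", "kid": "kid-A"}).encode()),
                  _b64url(b'{"sub":"demo"}'), "sig-placeholder"])

if __name__ == "__main__":
    print(compare_snapshots(BEFORE, AFTER_REGENERATED, TOKEN))
    print(compare_snapshots(BEFORE, AFTER_ROTATED, TOKEN))
```

A "replaced" result with `token_kid_published` false matches the situation in which an adapter reports "Didn't find publicKey for specified kid".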


