[keycloak-user] Problem with Keys

Karol Buler K.Buler at adbglobal.com
Wed Jan 3 06:25:58 EST 2018


Hmm... I just checked again on a local machine with docker-compose and 
those Keys aren't changed. It looks like this issue occurs only on 
OpenShift, which we use for the whole system. I have to check how it works 
step by step.


On 03.01.2018 10:34, Karol Buler wrote:
> We don't (re)import anything after rebooting. As I said, the only thing
> we do is add our User Federation. Is it possible that Keycloak
> regenerates the Keys while the User Federation is injected? On the other
> hand... where are those keys stored? I mean, which table in the DB?
>
>
> On 03.01.2018 09:08, Marek Posolda wrote:
>> On 02/01/18 17:47, Karol Buler wrote:
>>> Hi Marek,
>>>
>>> thanks for the response!
>>>
>>> Of course we use a specific docker image (at this moment
>>> jboss/keycloak-postgres:3.2.1.Final), so the database is persistent, but
>>> (checked twice) RSA and also HMAC from "Realm settings -> Keys" are
>>> different after rebooting the Keycloak's docker. The only additional
>>> thing we do in the dockerfile is adding our User Federation's provider.
>>> Do you see any mistake that we could have made?
>> I guess you may do an import (or reimport) of the realm after the reboot?
>> Re-import will always generate new keys by default. You can either
>> skip re-import or if skip re-import is really needed, then you may
>> need to use a different key provider, and perhaps hardcode the keys
>> instead of always generating them.
>>
>> Marek
>>> Karol
>>>
>>>
>>> On 02.01.2018 17:21, Marek Posolda wrote:
>>>> Hi,
>>>>
>>>> isn't the problem that your whole database is always "restarted"
>>>> during each keycloak reboot? Or that you always force reimport
>>>> of things? If you use a docker image pointed to a shared database, you
>>>> won't see this problem though. We have docker images for databases
>>>> like PostgreSQL, MySQL AFAIR.
>>>>
>>>> Marek
>>>>
>>>> On 02/01/18 10:27, Karol Buler wrote:
>>>>> Hi Keycloak community!
>>>>>
>>>>> To begin, I would like to wish you a Happy New Year! :)
>>>>>
>>>>> About the problem... If we run Keycloak as a docker, every time Keycloak
>>>>> is rebooted the Keys (Realm Setting -> Keys) are generated again. The result
>>>>> is that each application which uses Keycloak's adapter throws a "Didn't
>>>>> find publicKey for specified kid" error. This error occurs because the
>>>>> Keys are not rotated in the right way, and the application does not know
>>>>> about the rotation.
>>>>>
>>>>> Have you met this problem? What is your workaround? Is it an issue?
>>>>>
>>>>> Best regards,
>>>>> Karol
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
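The failure described in this thread, seen from the verifying side, as an added example that is not part of the original messages and is not Keycloak's adapter code: a verifier caches public keys by `kid`, refetches the key set on a miss (rate-limited), and reports an unknown `kid` when the server's keys were regenerated rather than rotated. `KidResolver`, `jwt_kid`, `constructed_token` and the `fetch_jwks` callable are hypothetical names, and the tokens are constructed samples.

```python
import base64
import json
import time


def jwt_kid(token):
    """Read 'kid' from the JWT header. Unverified: used only to select a key."""
    header_b64 = token.split(".")[0]
    padded = header_b64 + "=" * (-len(header_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(padded)).get("kid")


def constructed_token(kid):
    """Build a constructed, unsigned sample token carrying the given kid."""
    header = json.dumps({"alg": "RS256", "kid": kid}).encode()
    return base64.urlsafe_b64encode(header).rstrip(b"=").decode() + ".e30.sig"


class KidResolver:
    """Cache of signing keys by kid with a rate-limited refetch on a miss."""

    def __init__(self, fetch_jwks, min_refetch_seconds=10, clock=time.monotonic):
        self._fetch = fetch_jwks          # assumption: returns {"keys": [...]}
        self._min = min_refetch_seconds   # bounds refetches caused by bogus kids
        self._clock = clock
        self._keys = {}
        self._last_fetch = None

    def _refresh(self):
        # Replace the cache wholesale: keys no longer published are dropped.
        self._keys = {k["kid"]: k for k in self._fetch()["keys"]}
        self._last_fetch = self._clock()

    def resolve(self, token):
        kid = jwt_kid(token)
        if kid not in self._keys:
            elapsed_ok = (self._last_fetch is None
                          or self._clock() - self._last_fetch >= self._min)
            if elapsed_ok:
                self._refresh()
        if kid not in self._keys:
            # Regenerated keys: tokens signed before the restart, or a stale
            # cache inside the refetch window, end up here.
            raise LookupError(f"no public key for kid {kid!r}")
        return self._keys[kid]
```

Tokens signed with a key the server no longer publishes cannot be recovered by refetching; only tokens signed with the new key resolve once the refetch window has passed.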


