[keycloak-user] Keycloak server migration backward compatibility
Abhijeet Deshpande
abhijeet.p.deshpande at gmail.com
Tue Mar 19 17:08:47 EDT 2019
Hi,
I’m migrating Keycloak from version 2.2.1.Final to 4.4.0.Final,
with an option for backward compatibility, i.e. a bearer token generated by
the UI application on Keycloak 2.2.1.Final can be authenticated by the
service on Keycloak 4.4.0.Final.
Our application has Angular-UI (ssoadmin-ui) & SpringBoot-Services
(ssoadmin-service).
For my migration POC:
1. Installed Keycloak 4.4.0.Final on my local machine and registered both of
the above-mentioned clients in the new Keycloak version.
2. Modified the key /src/config/keycloak.json file with the latest Keycloak
settings; below is the keycloak.json:
{
  "realm": "Demo",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "ssoadmin-ui",
  "public-client": true,
  "use-resource-role-mappings": true,
  "confidential-port": 0
}
3. With these settings in Angular I’m making a call to my service. The
service is running on localhost:8082.
4. My service still points to the old Keycloak instance (Keycloak
2.2.1.Final).
Below are the application.properties in the service for Keycloak:
####### Keycloak
keycloak.realm=DEV_Ext
keycloak.auth-server-url=https://kc-lower.****.com/auth
keycloak.ssl-required=external
keycloak.resource=ssoadmin-service
This fails with the exceptions below:
o.k.a.BearerTokenRequestAuthenticator - Failed to verify token
org.keycloak.common.VerificationException: Invalid token signature
Is this the right approach? And is this achievable, for my application to
have one client authenticating with the 2.2.1.Final version and another
client getting this token validated against the 4.4.0.Final version?
Any pointers will be much appreciated. Please let me know if any
clarifications/additional information are needed. Also, if I put both of
them on the same version of Keycloak, the authentication works.
Thanks
Abhijeet
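
Added example (not part of the original post and not Keycloak code): a diagnostic that decodes a bearer token without verifying it and compares its `iss` claim with the issuer each adapter configuration above implies. It assumes Keycloak's issuer format `<auth-server-url>/realms/<realm>`; the function names and the sample token are constructed for illustration. Each realm signs with its own key pair, so a token whose issuer differs from the adapter's realm cannot pass that adapter's signature check.

```python
import base64
import json

# Adapter settings copied from the post (the masked host is kept as written).
UI_CFG = {"realm": "Demo", "auth-server-url": "http://localhost:8080/auth"}
SERVICE_CFG = {"realm": "DEV_Ext", "auth-server-url": "https://kc-lower.****.com/auth"}

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def expected_issuer(adapter_cfg: dict) -> str:
    # Assumption: the realm issues tokens with iss = <auth-server-url>/realms/<realm>.
    return adapter_cfg["auth-server-url"].rstrip("/") + "/realms/" + adapter_cfg["realm"]

def diagnose(token: str, adapter_cfg: dict) -> dict:
    # Diagnostic only: claims are read unverified and must not drive authorization.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    want = expected_issuer(adapter_cfg)
    return {
        "alg": header.get("alg"),
        "token_issuer": claims.get("iss"),
        "expected_issuer": want,
        "same_realm": claims.get("iss") == want,
    }

def make_sample_token(issuer: str, client_id: str) -> str:
    # Constructed token with a dummy signature segment, for offline use only.
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iss": issuer, "azp": client_id, "typ": "Bearer"}
    segs = [json.dumps(header).encode(), json.dumps(claims).encode(), b"constructed-signature"]
    return ".".join(b64url_encode(s) for s in segs)

if __name__ == "__main__":
    token = make_sample_token(expected_issuer(UI_CFG), "ssoadmin-ui")
    for name, cfg in (("ssoadmin-ui", UI_CFG), ("ssoadmin-service", SERVICE_CFG)):
        print(name, diagnose(token, cfg))
```

Running it against a real token from the browser's Authorization header shows which realm actually issued it before any key comparison is attempted.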