[keycloak-user] Keycloak server migration backward compatibility

Vlasta Ramik vramik at redhat.com
Thu Mar 21 08:11:18 EDT 2019


Hello,

Have you checked the documentation for upgrading?
https://www.keycloak.org/docs/latest/upgrading/index.html

Btw, keycloak-server.json was deprecated in 2.2.0 if I remember correctly 
and the migration scripts should do the migration automatically. If it 
is not working for you maybe it could be a bug, in that case please open 
a new ticket to https://issues.jboss.org/projects/KEYCLOAK with steps to 
reproduce if possible, thanks.

On 3/19/19 10:08 PM, Abhijeet Deshpande wrote:
> Hi,
>
> I’m migrating keycloak version from 2.2.1.Final to Keycloak 4.4.0.Final,
> with an option for backward compatibility, i.e. a bearer token generated by
> UI application on Keycloak 2.2.1.Final can be authenticated by Service on
> Keycloak 4.4.0.Final keycloak version.
>
> Our application has Angular-UI (ssoadmin-ui) & SpringBoot-Services
> (ssoadmin-service).
>
> For my migration POC:
>
>     1. Installed Keycloak 4.4.0.Final version on my local, registered both
>     above mentioned clients in new Keycloak version.
>     2. Modified the key /src/config/keycloak.json file with latest keycloak
>     settings, below is the keycloak.json
>
> {
>   "realm": "Demo",
>   "auth-server-url": "http://localhost:8080/auth",
>   "ssl-required": "external",
>   "resource": "ssoadmin-ui",
>   "public-client": true,
>   "use-resource-role-mappings": true,
>   "confidential-port": 0
> }
>
>     3. With these settings in Angular I’m making call to my service. Service
>     is running on localhost:8082
>     4. My service still points to old keycloak instance (KeyCloak
>     2.2.1.Final)
>
> Below are application.properties in service for keycloak.
>
> ####### Keycloak
> keycloak.realm=DEV_Ext
> keycloak.auth-server-url=https://kc-lower.****.com/auth
> keycloak.ssl-required=external
> keycloak.resource=ssoadmin-service
>
> This fails with below exceptions:
>
> o.k.a.BearerTokenRequestAuthenticator - Failed to verify token
> org.keycloak.common.VerificationException: Invalid token signature
>
> Is this the right approach, and is this achievable?
>
> For my application to have one client authenticating with 2.2.1.Final
> version and another client to get this token validated against 4.4.0.Final
> version.
>
> Any pointers will be much appreciated. Please let me know if any
> clarifications/additional information needed. Also, if I make both of them
> in same version on keycloak the authentication works.
>
> Thanks
>
> Abhijeet
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
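
The two configurations quoted above name different realms: the UI's keycloak.json uses "Demo" on localhost:8080, while the service's application.properties uses "DEV_Ext" on kc-lower. Each Keycloak realm signs tokens with its own keys, so a first check for "Invalid token signature" is to compare the token's `iss` claim with the issuer the verifying service is configured for. The sketch below is an added example, not part of the original thread or of the Keycloak adapter; the function names, the sample token and its `kid` are constructed for illustration.

```javascript
// Added diagnostic sketch; not Keycloak adapter code. Decoding here is
// UNVERIFIED and is for troubleshooting only, never for an access decision.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Issuer a Keycloak realm puts in `iss`: <auth-server-url>/realms/<realm>.
function expectedIssuer(cfg) {
  return cfg['auth-server-url'].replace(/\/+$/, '') + '/realms/' + cfg.realm;
}

// Read keycloak.* keys from Spring Boot application.properties text.
function parseProperties(text) {
  const cfg = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*keycloak\.([\w-]+)\s*=\s*(.*?)\s*$/.exec(line);
    if (m) cfg[m[1]] = m[2];
  }
  return cfg;
}

// Compare the token's claimed issuer with the verifier's configuration.
function diagnose(token, cfg) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  const expected = expectedIssuer(cfg);
  return { alg: header.alg, kid: header.kid, iss: claims.iss, expected,
           issuerMatches: claims.iss === expected };
}

// Constructed sample token (placeholder signature), shaped like one issued
// to ssoadmin-ui by the local 4.4.0 server's "Demo" realm.
function sampleToken() {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT', kid: 'constructed-kid' }),
          enc({ iss: 'http://localhost:8080/auth/realms/Demo', azp: 'ssoadmin-ui' }),
          'c2ln'].join('.');
}

const serviceCfg = parseProperties(
  'keycloak.realm=DEV_Ext\nkeycloak.auth-server-url=https://kc-lower.****.com/auth\n' +
  'keycloak.ssl-required=external\nkeycloak.resource=ssoadmin-service');
console.log(diagnose(sampleToken(), serviceCfg)); // issuerMatches: false
```

If the issuers do match and verification still fails, the next thing to compare is the realm signing key on each server, since a freshly installed realm generates new keys.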

