Maybe you sent it twice and one copy was rejected?
On 2 January 2018 at 16:20, Kalidindi, Sai Soma Kala <
Our backup product is using Keycloak for SSO. We are migrating all our
users to a new instance of keycloak in AWS environment. One of the
requirement is all the existing clients which is an agent on the user box
running in background which does backup, should not see any
re-authentication or login window from their end after migration . User
initially login when they have first installed our product and they never
see any login any more(our client is non-intrusive, most users don't ever
remember the login ), we just refresh every 15 minutes get new set of
tokens and so on... and it works for us. We have tested locally where we
have migrated the present keycloak database to our new keycloak aws
instance just by using pg_dump and restore command for database of keycloak
and we made sure the realm, redirect urls , client secrets are exactly
same. We are assuming if everything is exactly the same refresh tokens
should still workand we can avoid the login screen. Is this right a!
In our test what we have found is, we made a DNS swap where the client
initially going the old env gets routed to our new keycloak aws
instance(We did CNAME change on the old env to route traffic to new
environment ). The reason for this Is to make sure our redirect url does
not change and the client could still talk to same old urls it is aware of.
Long story short, old key cloak env and new key cloak env has exactly same
of everything...What we have seen is that the client which is initalliay
pointing to the old env, after the migration and after doing the DNS switch
the old tokens still work on new environment. Once we remove the switch and
when the clients go back to old env the tokens still work. Is this a bug or
is this expected?
keycloak-dev mailing list