We are using offline tokens for our clients; when we log in initially we give the scope
"offline", which gets us refresh and access tokens.
1) We use the 1.9.8 version of Keycloak. We have configured our Keycloak realm to
revoke refresh tokens, which means refresh tokens are revoked once used for refreshing.
2) We have 2 Keycloak clusters.
3) Our client initially pointed to KC1, which is the old environment.
4) Now the KC1 database and certs are migrated to KC2, our new environment.
5) The client refresh token which it got from the old env works on the new env for some
clients, whereas it does not work for others.
6) What we have found is: we initially stop the Keycloak service, migrate the data and
start it again. Once the migration is done, I check that all the tables have the right
data, which looks good, but after the restart we see that it is syncing the user_entity
table with LDAP and 3 of the users are being deleted from the user_entity and
user_attribute tables, and hence any tokens associated with these 3 users are being
deleted from offline_client_session and offline_user_session. At this point I am not
clear why it is deleting them even though I see LDAP has them.
Any suggestions or help is greatly appreciated.
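One way to pin down which users and sessions the post-restart LDAP sync removes is to snapshot the offline-session tables joined to their owners before the migration and again after KC2 comes up. This is an added example, not something from the original post or from the Keycloak project; the column names (id, username, federation_link, user_id, user_session_id, client_id, last_session_refresh) are assumed from the Keycloak schema and should be checked against the 1.9.8 database first.

```sql
-- Snapshot before migration and again after KC2 restarts: every offline
-- session with the user that owns it. Diffing the two runs shows exactly
-- which users' sessions disappeared with the LDAP sync.
-- Column names are assumptions; verify against the 1.9.8 schema.
SELECT ue.username,
       ue.federation_link,            -- non-NULL for LDAP-federated users
       ous.user_session_id,
       ocs.client_id,
       ous.last_session_refresh
FROM   offline_user_session ous
JOIN   user_entity ue
       ON ue.id = ous.user_id
LEFT JOIN offline_client_session ocs
       ON ocs.user_session_id = ous.user_session_id
ORDER BY ue.username, ous.last_session_refresh;

-- After the restart: offline sessions whose owner is no longer in user_entity.
-- Any row here belongs to a user the sync removed, so the refresh token tied
-- to that session can no longer be exchanged on KC2.
SELECT ous.user_id,
       ous.user_session_id
FROM   offline_user_session ous
LEFT JOIN user_entity ue
       ON ue.id = ous.user_id
WHERE  ue.id IS NULL;
```

Comparing the username list from the first query with the LDAP entries for the same users shows whether the sync is treating them as missing (for example a mismatched federation_link or realm) rather than the directory actually lacking them.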