Odp: Re: DB from MongoDB to PostgreSQL migration, how?
by K K
OK,
MongoDB version is 3.2.16, also tried with 3.6.4.
This is my keycloak-server.json config:
https://pastebin.com/vx8ip8Z1
It is working fine with 1.9.8, I am able to export both to single JSON file as well as to directory. Exported file/folder contain all realms and user accounts.
Now, when I am trying to run 2.0.0 against the same config, it gives me following error during the startup:
https://pastebin.com/BNjXQ5ac
similar error appears with 2.1.0:
https://pastebin.com/TJUE83Fa
And then it is working back again with 2.4.0 (still against the same config file), but export DB grows from 3.7MB to 76MB. Events collection is the biggest one - 65MB. And then both 2.5.0 and 2.5.5 won't see realms, no matter which version of Mongo-java driver is used, bundled 3.2.0 or 3.2.1.
https://pastebin.com/LqFHYcJu
However, I can see user accounts and realms in .bson file.
Any idea?
brgds,
Dnia Wtorek, 1 Sierpnia 2017 18:17 Bill Burke <bburke(a)redhat.com> napisał(a)
> export/import is the only way. Migrating from 1.9.8 to 2.5.5, then
> doing the export might be the trick. At least from a product
> perspective we'll need to support migration from 1.9.8->2.5.5->3.x so
> please post your export/import errors.
>
>
> On 8/1/17 10:27 AM, K K wrote:
> > Hi,
> > I am struggling with Keycloak migration from version 1.9.8 to the latest one. Currently I am at 2.4.0 and still MongoDB. Is there any built-in tool to migrate MongoDB db to PostgreSQL?
> >
> > I have tried import and then export, but it doesn't work or I did mistake somewhere.
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
7 years, 5 months
kc_idp_hint working as expected in 3.2.0?
by Nathan Hoult
According to the documentation here:
https://keycloak.gitbooks.io/documentation/securing_apps/topics/oidc/java...
with an identity provider named 'google' I should be able to call:
/auth/realms/<Realm>/protocol/openid-connect/auth?client_id=<client
id>&state=<state>&redirect_uri=<a
url>&scope=openid&response_type=code&kc_idp_hint=google
and I shouldn't see the KC login page. After ~2 days of testing it seems
kc_idp_hint works the first time as long as no cookies are set but once I
visit the KC login page the kc_idp_hint no longer works. NOTE: setting a
default Identity Provider Redirector works just fine it seems.
Steps to reproduce:
1) go to /auth/realms/<Realm>/account
2) clear KC server cookies
3) append to the /auth URL: &kc_idp_hint=<a valid idp>
4) logs you in or at least see the idp login page
5) log out of KC
6) without clearing cookies try step #3
7) see KC login page <- bug?
My research (KC 3.2.0 git):
Identity Provider Redirector checks for the kc_idp_hint at
org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator:44
and is run from org.keycloak.authentication.DefaultAuthenticationFlow:200
but once KC has set a cookie it exits out of the DefaultAuthenticationFlow
at line 156 because line 110 has the IdentityProviderAuthenticator set as
AuthenticationSessionModel.ExecutionStatus.ATTEMPTED. It never ends up
running the IdentityProviderAuthenticator:44 and instead goes into the
login flow which returns HTML.
My workaround:
I added javascript to the login theme that looks for param "kc_idp_hint",
if it exists hide the whole page, then onload() look for element
id="zocial-<kc_idp_hint value>". If the element is found: click(), else:
reveals the page. I don't like this because 1) you can't hide idp, 2) takes
a little longer 3) can't override default idp with blank 4) just seems like
the wrong place to do it.
So, is this a bug or am I misunderstanding kc_idp_hint? If it is a bug I
find the code a little confusing though starting to make more sense but
maybe someone more familiar with it could fix it much faster than me?
Thank you!
7 years, 5 months
KeyCloak 3.1.0 on OpenShift randomly unresponsive
by Anton Arntz
We are currently facing an issue on our production environment in which the KeyCloak server becomes unresponsive at (what still looks like) random.
Tried to look into memory, cpu load and disk usage of the specific OpenShift gear and gone through all of the logs but nothing out of the ordinary could be found.
Looks like the application continues to run and still keeps logging, but none of the customers (realms) is able to login anymore.
Has anyone experienced the same with this KeyCloak version?
Kind regards,
Anton Arntz
7 years, 5 months