[keycloak-dev] Migrating Keycloak to AWS environment

Stian Thorgersen sthorger at redhat.com
Tue Jan 2 13:43:38 EST 2018

It was posted:

Maybe you sent it twice and one copy was rejected?

On 2 January 2018 at 16:20, Kalidindi, Sai Soma Kala <
sai-soma-kala.kalidindi at microfocus.com> wrote:

> Hi,
> Our backup product is using Keycloak for SSO. We are migrating all our
> users to a new instance of Keycloak in an AWS environment. One of the
> requirements is that all the existing clients, each of which is an agent on
> the user's box running in the background which does backups, should not see
> any re-authentication or login window from their end after migration. Users
> initially log in when they first install our product and they never
> see any login any more (our client is non-intrusive, most users don't ever
> remember the login); we just refresh every 15 minutes, get a new set of
> tokens and so on... and it works for us. We have tested locally, where we
> have migrated the present Keycloak database to our new Keycloak AWS
> instance just by using the pg_dump and restore commands for the Keycloak
> database, and we made sure the realm, redirect URLs and client secrets are
> exactly the same. We are assuming that if everything is exactly the same,
> refresh tokens should still work and we can avoid the login screen. Is this
> the right assumption?
> In our test what we have found is, we made a DNS swap where the client
> initially going to the old env gets routed to our new Keycloak AWS
> instance (we did a CNAME change on the old env to route traffic to the new
> environment). The reason for this is to make sure our redirect URL does
> not change and the client could still talk to the same old URLs it is aware
> of. Long story short, the old Keycloak env and the new Keycloak env have
> exactly the same everything... What we have seen is that for the client
> which is initially pointing to the old env, after the migration and after
> doing the DNS switch the old tokens still work on the new environment. Once
> we remove the switch and the clients go back to the old env, the tokens
> still work. Is this a bug or is this expected?
> Thanks,
> Sai.