[keycloak-user] Is a Keycloak server compatible with applications with older adapters ?

Stian Thorgersen sthorger at redhat.com
Thu Mar 10 00:41:54 EST 2016


There's no explicit version check. For OpenID Connect there may be changes
to the token between versions that would cause issues for example. I'd say
1.6.1 adapter has a good chance to work with Keycloak 1.9 as I can't
remember anything we changed that would break it, but without going to
hundreds of JIRA issues and also testing it there's no way to be sure.

Due to the fast pace we've been having lately we've not been able to test
or document what adapters will work with what versions of the server. I
hope we can do this in the future.

On 9 March 2016 at 17:12, Orestis Tsakiridis <
orestis.tsakiridis at telestax.com> wrote:

> I see.
>
> I suppose the fewer keycloak features an application uses the smaller is
> the exposure to incompatibilities and braking. For example if only the
> OpenID Connect/Oauth authentication is used and keycloak Admin REST api is
> avoided chances is that an upgrade won't brake things.
>
> Is this the case or an explicit version check prevents an adapter from
> working at all in case an incompatibility is detected ?
>
>
>
> On Wed, Mar 9, 2016 at 4:40 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> To make sure everything works as expected you should upgrade both server
>> and adapters at the same time. I understand this is not always convenient
>> and we are planning to reduce this restriction in the future.
>>
>> On 9 March 2016 at 15:30, Orestis Tsakiridis <
>> orestis.tsakiridis at telestax.com> wrote:
>>
>>> Hello!
>>>
>>> Is it possible to secure applications using old adapters (say 1.6.1)
>>> with a keycloak server of more recent version (say 1.9.0) ?
>>>
>>> The question boils down to what is the proper upgrade policy in a
>>> keycloak secured system with many applications provided by different
>>> customers. If an application with an old adapter does not work with a newer
>>> keycloak server then it seems all (both keycloak and applications) should
>>> be upgraded in a single step.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160310/013891b5/attachment.html 


More information about the keycloak-user mailing list