[keycloak-user] Is a Keycloak server compatible with applications with older adapters ?
Orestis Tsakiridis
orestis.tsakiridis at telestax.com
Thu Mar 10 02:35:07 EST 2016
Understood.
Thanks Stian
On Thu, Mar 10, 2016 at 7:41 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:
> There's no explicit version check. For OpenID Connect there may be changes
> to the token between versions that would cause issues for example. I'd say
> 1.6.1 adapter has a good chance to work with Keycloak 1.9 as I can't
> remember anything we changed that would break it, but without going to
> hundreds of JIRA issues and also testing it there's no way to be sure.
>
> Due to the fast pace we've been having lately we've not been able to test
> or document what adapters will work with what versions of the server. I
> hope we can do this in the future.
>
> On 9 March 2016 at 17:12, Orestis Tsakiridis <
> orestis.tsakiridis at telestax.com> wrote:
>
>> I see.
>>
>> I suppose the fewer keycloak features an application uses the smaller is
>> the exposure to incompatibilities and braking. For example if only the
>> OpenID Connect/Oauth authentication is used and keycloak Admin REST api is
>> avoided chances is that an upgrade won't brake things.
>>
>> Is this the case or an explicit version check prevents an adapter from
>> working at all in case an incompatibility is detected ?
>>
>>
>>
>> On Wed, Mar 9, 2016 at 4:40 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> To make sure everything works as expected you should upgrade both server
>>> and adapters at the same time. I understand this is not always convenient
>>> and we are planning to reduce this restriction in the future.
>>>
>>> On 9 March 2016 at 15:30, Orestis Tsakiridis <
>>> orestis.tsakiridis at telestax.com> wrote:
>>>
>>>> Hello!
>>>>
>>>> Is it possible to secure applications using old adapters (say 1.6.1)
>>>> with a keycloak server of more recent version (say 1.9.0) ?
>>>>
>>>> The question boils down to what is the proper upgrade policy in a
>>>> keycloak secured system with many applications provided by different
>>>> customers. If an application with an old adapter does not work with a newer
>>>> keycloak server then it seems all (both keycloak and applications) should
>>>> be upgraded in a single step.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160310/d409a0f6/attachment.html
More information about the keycloak-user
mailing list