[keycloak-user] Problem with Keys
Karol Buler
K.Buler at adbglobal.com
Wed Jan 3 04:34:14 EST 2018
We don't (re)import anything after rebooting. As I said, the only thing
we do is add our User Federation. Is it possible that Keycloak
regenerates the Keys while the User Federation is being injected? On the
other hand... where are those keys stored? I mean, which table in the DB?

On 03.01.2018 09:08, Marek Posolda wrote:
> On 02/01/18 17:47, Karol Buler wrote:
>> Hi Marek,
>>
>> thanks for the response!
>>
>> Of course we use a specific docker image (at this moment
>> jboss/keycloak-postgres:3.2.1.Final), so the database is persistent, but
>> (checked twice) RSA and also HMAC from "Realm settings -> Keys" are
>> different after rebooting Keycloak's docker. The only additional
>> thing we do in the dockerfile is add our User Federation's provider.
>> Do you see any mistake that we could have made?
> I guess you may do an import (or reimport) of the realm after the reboot?
> Re-import will always generate new keys by default. You can either
> skip re-import or if skip re-import is really needed, then you may
> need to use a different key provider, and perhaps hardcode the keys
> instead of always generating them.
>
> Marek
>>
>> Karol
>>
>>
>> On 02.01.2018 17:21, Marek Posolda wrote:
>>> Hi,
>>>
>>> isn't the problem that your whole database is always "restarted"
>>> during each keycloak reboot? Or that you always force reimport
>>> things? If you use a docker image pointed to a shared database, you
>>> won't see this problem though. We have docker images for databases
>>> like PostgreSQL, MySQL AFAIR.
>>>
>>> Marek
>>>
>>> On 02/01/18 10:27, Karol Buler wrote:
>>>> Hi Keycloak community!
>>>>
>>>> First of all, I would like to wish you a Happy New Year! :)
>>>>
>>>> About the problem... If we run Keycloak as a docker, every time
>>>> Keycloak is rebooted the Keys (Realm Setting -> Keys) are generated
>>>> again. The result is that each application which uses Keycloak's
>>>> adapter throws a "Didn't find publicKey for specified kid" error.
>>>> This error occurs because the Keys are not rotated in the right way,
>>>> and the application does not know about the rotation.
>>>>
>>>> Have you met this problem? What is your workaround? Is it an issue?
>>>>
>>>> Best regards,
>>>> Karol
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>
>
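
The "Didn't find publicKey for specified kid" failure in this thread is what a client that resolves verification keys by `kid` reports when the realm publishes a new key set it has not seen. The Python below is an added example, not code from the thread or from the Keycloak adapter; `KidResolver`, `make_token`, the kid values and the JWKS snapshots are constructed for illustration, and signature verification itself is out of scope.

```python
import base64, json, time

def jwt_kid(token):
    """Return the 'kid' from a JWT header (no signature check here)."""
    head = token.split(".")[0]
    head += "=" * (-len(head) % 4)            # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(head))["kid"]

class KidResolver:
    """Cache published keys by kid; refetch on an unknown kid, rate-limited."""
    def __init__(self, fetch_jwks, min_refetch_seconds=10, clock=time.monotonic):
        self.fetch_jwks = fetch_jwks          # callable returning a JWKS dict
        self.min_refetch = min_refetch_seconds
        self.clock = clock
        self.keys, self.last_fetch = {}, float("-inf")

    def _refresh(self):
        # Replace the cache: keys the realm no longer publishes are dropped.
        self.keys = {k["kid"]: k for k in self.fetch_jwks()["keys"]}
        self.last_fetch = self.clock()

    def resolve(self, token):
        kid = jwt_kid(token)
        # Unknown kid: refetch, but not more often than min_refetch allows,
        # so junk kids cannot make the client hammer the key endpoint.
        if kid not in self.keys and self.clock() - self.last_fetch >= self.min_refetch:
            self._refresh()
        if kid not in self.keys:
            raise KeyError(f"no public key for kid {kid!r}")
        return self.keys[kid]

def make_token(kid):
    # Constructed, unsigned sample token: only the header matters here.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': kid})}.{enc({'sub': 'demo'})}.sig"

def demo():
    # Constructed JWKS snapshots: the realm key before and after a restart.
    published = {"keys": [{"kid": "key-before-restart", "kty": "RSA"}]}
    resolver = KidResolver(lambda: published, min_refetch_seconds=0)
    old, new = make_token("key-before-restart"), make_token("key-after-restart")
    first = resolver.resolve(old)["kid"]
    published = {"keys": [{"kid": "key-after-restart", "kty": "RSA"}]}  # regenerated
    second = resolver.resolve(new)["kid"]     # miss -> refetch -> found
    try:
        resolver.resolve(old)                 # old kid is no longer published
        stale = "accepted"
    except KeyError:
        stale = "rejected"
    return first, second, stale
```

A client with refetch-on-miss recovers for newly issued tokens, but tokens signed with the regenerated-away key stay unverifiable, which is why persisting the realm keys across restarts is the actual fix.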