[keycloak-user] Keycloak server migration backward compatibility
Vlasta Ramik
vramik at redhat.com
Thu Mar 21 08:11:18 EDT 2019
Hello,
have you checked the documentation for upgrading?
https://www.keycloak.org/docs/latest/upgrading/index.html
btw. kecloak-server.json was deprecated in 2.2.0 if I remember correctly
and the migration scripts should do the migration automatically. If it
is not working for you maybe it could be a bug, in that case please open
a new ticket to https://issues.jboss.org/projects/KEYCLOAK with steps to
reproduce if possible, thanks.
On 3/19/19 10:08 PM, Abhijeet Deshpande wrote:
> Hi,
>
>
>
> I’m migrating keycloak version from 2.2.1.Final to Keycloak 4.4.0.Final,
> with an option for backward compatibility. i.e. a bearer token generated by
> UI application on Keycloak 2.2.1.Final, can be authenticated by Service on
> Keycloak 4.4.0.Final keycloak version
>
>
>
> Our application has Angular-UI (ssoadmin-ui) & SpringBoot-Services
> (ssoadmin-service).
>
>
>
> For my migration POC:
>
> 1. Installed Keycloak 4.4.0.Final version on my local, registered both
> above mentioned clients in new Keycloak version.
> 2. Modified the key /src/config/keycloak.json file with latest keycloak
> settings, below is the keycloak.json
>
> {
>
> "realm": "Demo",
>
> "auth-server-url": "http://localhost:8080/auth",
>
> "ssl-required": "external",
>
> "resource": "ssoadmin-ui",
>
> "public-client": true,
>
> "use-resource-role-mappings": true,
>
> "confidential-port": 0
>
> }
>
> 1. With these setting in Angular I’m making call to my service. Service
> is running on localhost:8082
> 2. My service still points to old keycloak instance (KeyCloak
> 2.2.1.Final)
>
> Below are application.properties in service for keycloak.
>
>
>
> ####### Keycloak
>
> keycloak.realm=DEV_Ext
>
> keycloak.auth-server-url=https://kc-lower.****.com/auth
>
> keycloak.ssl-required=external
>
> keycloak.resource=ssoadmin-service
>
>
>
> this fails with below exceptions:
>
> o.k.a.BearerTokenRequestAuthenticator - Failed to verify token
> org.keycloak.common.VerificationException: Invalid token signature
>
>
>
> Is this the right approach ? and whether this is achievable ?
>
> For my application to have one client authenticating with 2.2.1Final
> version and another client to get this token validated against 4.4.0.Final
> version.
>
>
>
> Any pointers will be much appreciated. Please let me know if any
> clarifications/additional information needed. Also, if I make both of them
> in same version on keycloak the authentication works.
>
>
>
>
>
> Thanks
>
> Abhijeet
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list