Keycloak19 Migration
Database Backward Compatibility is not supported on upgrading or downgrading Keycloak from higher to lower version and vice-versa. Before upgrading or downgrading Keycloak, make sure you have a database backup.
Migration
The functional change found in Keycloak 19.0.3 are noted below:
-
Upgraded
Keycloak 15.0.0
toKeycloak 19.0.3
. -
By default the
Keycloak 19.0.3
provided Step-up Authentication feature, this has been disabled for backward compatibility. -
KOBIL based customizations has not been added to Keycloak V2 theme. Hence, Keycloak V2 theme is disabled for Account and Admin console.
-
This version (4.0.0) is based on Wildfly distribution.
Breaking Changes:
-
The Core Keycloak Logout Endpoint has been updated.
-
The Infinispan nodes from
Keycloak 15
cannot co-exist with a higher version of Keycloak nodes. Therefore, rolling update is not possible and require DOWNTIME to remove all Keyclock 15 nodes in order to deploy Keycloak 19 nodes. For further reference (see to:https://github.com/keycloak/keycloak-containers/issues/377) -
The Liquibase version has been updated that results in Database compatibility issues when upgrading to
Keycloak 19
. The JPA checksum generated in the older version has to be manually included in the current Changeset to resolve the compatibility issues. For further reference (see to:https://www.keycloak.org/docs/latest/upgrading/#liquibase-upgraded-to-version-4-6-2) -
Org.apache.commons.lang dependency has been removed from Core Keycloak Modules.
-
If the Cloud Connector methods are consumed in the customer application. Then, the Cloud Connector Client has to be updated mandatorily to
4.1.0_v2
. -
Upload Scripts (upload-scripts) Profile feature has been entirely removed from Keycloak. Clients with Authorization policy cannot be imported anymore through Realm Import. For further (reference to:https://www.keycloak.org/docs/latest/upgrading/#removal-of-the-code-upload-scripts-code-feature)
- The Realm Representation has a new attribute type with two supported values AST and SSMS (Default: SSMS). The realm creation and updation APIs have backward compatibility to skip this attribute in the request, but in the Admin UI, this option must be chosen mandatorily.