Cannot Connect Keycloak docker to mssql database

i’m using a docker image of keycloak and trying to connect to mssql.

I have the database “keycloak” created in the database and here’s my DockerFile



ENTRYPOINT [“/opt/keycloak/bin/”, “start”, “–hostname-strict=false”, “–auto-build”, “–proxy=edge”, “–db=mssql”, “–db-url-host=", "–db-username=”, “–db-password=***”]

When i build and run this, the tables get automatically created in the ‘keycloak’ database. However, after waiting for keycloak to run, it crashes in the cmd and i get errors like

Violation of UNIQUE KEY constraint ‘UK_CLI_SCOPE’. Cannot insert duplicate key in object ‘dbo.CLIENT_SCOPE’

I fixed this error but i still get more endless errors and it never seemed to work. Last error i got was “Cannot start server in developlment/production mode”

Any idea why this is happening? Am i missing anything in the docker file? Any idea if keycloak actually works with mssql??


Can you please explain to me how you fixed the “UK_CLI_SCOPE” issue.

Same here. In my case I’m using a docker-compose.yml with image image: “Quay
I connect to an external mssql server where it creates a database. When the database is filled with seed data I get the same error.

Violation of UNIQUE KEY constraint “UK_CLI_SCOPE”. A duplicate key cannot be inserted into the dbo.CLIENT_SCOPE object. The duplicate key value is (a8be7b83-30ee-4b12-ab6d-3bfd063ea213, role_list).

No data or even tables are created in the database. JPA might do a full rollback because of the primary key error.
I used an environment variable to see -verbose logs: KC_LOG_LEVEL=DEBUG

Is that just happening with sqlserver?
How did you fix it?
is there a problem with the creation script that JPA generates?

I fond a post about how to export the script cloak-database-creation-keycloak.sql. I couldn’t manage to configurate the export with docker-compose environment variables.

Any ideas or help will be very very welcome. :slight_smile:

Trying with DB configuration parameter


does not help?

1 Like

I did use the environment parameter: KC_TRANSACTION_XA_ENABLED=false
It just prevented a warning found in the log, but nothing else.

Any other suggestion?