Dificulties to upgrade from 8 to 11

Keycloak 8 runs perfectly fine with custom federation provider (users from remote database). I am facing the following problem when I upgrade it to 11:
Whenever I log in with the federation use, it asks me to enter the One Time Password (TOTP) after successful username password even though I never configured TOTP for that user.
Additional symptom:

  • when I visit the “accounts” keycloak page with the above federation user, it shows me that “Authenticator” (TOTP) configured. When I click on delete button, it shows me the success message, that it was deleted, but it is there, like no effect of the deletion. See the screenshot below:

Can somebody sugest me direction of investigation?



when I open any of the federation users’ details from keycloak admin panel, I see new credential types provided by the federation provider (in my case the federation provider’s name is JDBC Adapter). It was not in Keycloak 8.

In the meantime I found soultion, I have to disable other credential types than password in fed provider. Code change: in UserStorageProvider:

public boolean supportsCredentialType(String credentialType)
    return credentialType.equals(CredentialModel.PASSWORD);

How did you upgrade from 8 to 11 ?

It is very simple:

  1. Backup kk8 db
  2. Create new db schema for kk11, I called it keycloak11
  3. Start kk11 pointing to new db schema
  4. Import db dump, you previously created from kk8, to db schema keycloak11.
  5. Restart kk11
1 Like