Problem Description:
While upgrading Keycloak from version 11 to version 26.0.0 and importing the existing realm and client configuration, I’m experiencing unexpected authentication redirect behaviors:
- Authentication redirect URI is being appended with an issuer identifier
- Token endpoint is being repeatedly hit
- Authentication flow is not completing smoothly
Specific Observations:
- Redirect URI:
http://localhost:3000/individual/dashboard
- Appended URI:
#iss=http%3A%2F%2Flocalhost%3A9090%2Frealms%2F<realm_name>
- Authentication flow is disrupted during migration
Environment:
- Upgrade Path: Keycloak v11 → v26.0.0
- Migration Method: Imported existing realm and client configurations
- React Frontend
- Authentication Library: keycloak-js
- Realm: PaisaPlan
- Client ID: PaisaPlanBackend
Current Configuration:
const initOptions = {
url: `${process?.env?.REACT_APP_KEYCLOAK_URL}/`,
realm: `${process?.env?.REACT_APP_KEYCLOAK_REALM}`,
clientId: `${process?.env?.REACT_APP_KEYCLOAK_CLIENT_ID}`,
onLoad: 'login-required',
checkLoginIframe: false,
flow: 'standard',
redirectUri: 'http://localhost:3000/individual/dashboard'
}
Potential Migration-Related Concerns:
- Configuration compatibility between v11 and v26.0.0
- Changes in authentication flow or redirect handling
- Imported client settings may not be fully compatible
Seeking Help:
- Guidance on smooth Keycloak version migration
- Resolving authentication redirect issues
- Verifying client and realm configuration compatibility
- Preventing unexpected URI appending and repeated token calls
Additional Context:
- Realm and client configurations were directly imported from v11
- Using React frontend with keycloak-js for authentication