Keycloak Authentication Issue During Version Upgrade (v11 to v26.0.0)

Problem Description:

While upgrading Keycloak from version 11 to version 26.0.0 and importing the existing realm and client configuration, I’m experiencing unexpected authentication redirect behaviors:

  • Authentication redirect URI is being appended with an issuer identifier
  • Token endpoint is being repeatedly hit
  • Authentication flow is not completing smoothly

Specific Observations:

  • Redirect URI: http://localhost:3000/individual/dashboard
  • Appended URI: #iss=http%3A%2F%2Flocalhost%3A9090%2Frealms%2F<realm_name>
  • Authentication flow is disrupted during migration

Environment:

  • Upgrade Path: Keycloak v11 → v26.0.0
  • Migration Method: Imported existing realm and client configurations
  • React Frontend
  • Authentication Library: keycloak-js
  • Realm: PaisaPlan
  • Client ID: PaisaPlanBackend

Current Configuration:

const initOptions = {
  url: `${process?.env?.REACT_APP_KEYCLOAK_URL}/`,
  realm: `${process?.env?.REACT_APP_KEYCLOAK_REALM}`,
  clientId: `${process?.env?.REACT_APP_KEYCLOAK_CLIENT_ID}`,
  onLoad: 'login-required',
  checkLoginIframe: false,
  flow: 'standard',
  redirectUri: 'http://localhost:3000/individual/dashboard'
}

Potential Migration-Related Concerns:

  • Configuration compatibility between v11 and v26.0.0
  • Changes in authentication flow or redirect handling
  • Imported client settings may not be fully compatible

Seeking Help:

  • Guidance on smooth Keycloak version migration
  • Resolving authentication redirect issues
  • Verifying client and realm configuration compatibility
  • Preventing unexpected URI appending and repeated token calls

Additional Context:

  • Realm and client configurations were directly imported from v11
  • Using React frontend with keycloak-js for authentication