Legacy System to Keycloak Migration Strategy

We have an existing legacy system (Spring controllers and POJOs running in Tomcat against a Postgres backend) that uses a home-grown authentication and authorization system, and we would like to join the 21st century and transition to an OpenID/OAuth IDP such as Keycloak. We have 10s of thousands of pre-existing users.

Are there any HOWTOs or videos that describe some recommendations as to how to accomplish this most successfully? Thanks in advance for any help and/or suggestions. Much appreciated.

We had a very similar task to fulfill by changing the authentication of a legacy system (with a user base of > 2m) to using OpenID Connect provided by Keycloak.

To be able to use the legacy system’s user storage, we implemented Keycloak’s User Storage SPI, from which we read and validated credentials against our existing database.
We didn’t migrate any of the existing users into the Keycloak database schema.

Hi there,

You can check this blog post [1]; it might help…

[1] https://medium.com/@olgaatsmartling/migrate-to-keycloak-with-zero-downtime-74d4997d91ad