WebAuthn & Docker container


I have my Keycloak server running in a Docker container.
I’ve recently tried enabling WebAuthn authentication based on the official guide (Server Administration Guide), and it was working fine.

However, when the docker container gets restarted or moved, the authentication won’t work anymore.
I get to the screen where it lists the authentication devices, but when I click on the button, I instantly get an error message that the authentication was unsuccessful. It does not even send the auth prompt to the browser.

I assume that keycloak is maybe storing some authentication keys needed for the WebAuthn authentication somewhere on the filesystem that is not persistent.

Does any of you have more details about it?
Maybe know where on the filesystem keycloak stores the data that needs to be persistent?

Keycloak is not persisting anything in a filesystem. The only persistence is the database and the cache (mainly for sessions). WebAuthN config should be stored in the database.
I assume that you use an external database where your data will be persisted, not the build-in dev-db, which is enabled by default.