Q&A: Why does the 'keycloak domain config version' differ from my 'keycloak app version'?

Question

When manually migrating the configuration of the Keycloak app after an app update, I get the response:

$ univention-keycloak upgrade-config
Nothing to do, already at domain config version 22.0.3-ucs2

but my Keycloak version is actually different:

$ udm appcenter/app list --filter univentionAppID=keycloak* --properties version
univentionAppID=keycloak*
DN: univentionAppID=keycloak_24.0.5-ucs2,cn=keycloak,cn=apps,cn=univention,dc=tierheim,dc=intranet
  version: 24.0.5-ucs2

Why is there a difference between the domain config version and the app version ?

Answer

An update of the domain config version is only necessary if a domain-wide part of the Keycloak configuration needs to be changed, e.g. the connection and authentication settings or a change to the UCS realm. However, this is not always (with every app update) the case.
If the domain config version is changed during a Keycloak app update then the univention-keycloak upgrade-config command would perform the migration as expected. The domain config version will therefore only be congruent with the Keycloak version if a Keycloak app update has just taken place that has raised the domain config version, e.g. keycloak=28.0.1-ucs1 could bring a change that leads to domain_config_version: 28.0.1-ucs1. You can use the following command to display which version of the domain config was the initial one, as well as the current one:

univention-keycloak domain-config --get --json | grep domain

This topic was automatically closed after 24 hours. New replies are no longer allowed.

Mastodon