Session Management using keycloak

Question

My legacy application needs to delegate user authentication to 'keycloak' which is a SSO provider. I have a couple of questions

What happens to my legacy session-management? Do I still need to maintain it?
Can 'keycloak' act as my session management server or is it only an authentication system.

You could use the users id (uuid) from the token as a session key and store your session data in some sort of persistent storage — shonky linux user, Dec 16 '16 at 05:05

score 4 · Accepted Answer · answered Dec 22 '16 at 17:34

What happens to my legacy session-management? Do I still need to maintain it?

Answer - It is application dependent and there cannot be one rule to it. In our case we ended up maintaining the session data on the legacy application. Asking KEYCLOAK to manage my session data would have meant, I had to do a lot of changes in the legacy code which would be EOL in a couple of years.

Can 'keycloak' act as my session management server or is it only an authentication system.

Answer - Yes pretty much.

For your second point, do you mean yes to both session management server and authentication system? — jeff, Apr 08 '22 at 20:05

Session Management using keycloak

1 Answers1