Backup & Restore Keycloak Easy Way

Finding solution this morning and figure out this can be pretty handy.

  1. Run command below:
    ./bin/ \
    -Dkeycloak.migration.action=export \
    -Dkeycloak.migration.provider=singleFile \

    In my case, i override few parameter as my keycloak is running.

    ./bin/ -P ./standalone/configuration/ \
    -Djboss.http.port=8090 \
    -Djboss.https.port=8098 \ \ \
    -Dkeycloak.migration.action=export \
    -Dkeycloak.migration.provider=singleFile \


  2. Once you get the backup file, you can selectively import from your admin console.

source from:


Deploy Keycloak With Custom Context Path in Kubernetes With Ingress

New to this and spend a day to figured out, perhaps this will help some of you.

1. Prepare your k8s template yaml.

apiVersion: extensions/v1beta1
kind: Ingress
  annotations: /<CUSTOM_CONTEXT_PATH>/auth/
  name: keycloak-ingress
  - host:
      - path: /<CUSTOM_CONTEXT_PATH>/auth/
          serviceName: keycloak-service
          servicePort: 9000
  - hosts:
    secretName: keycl-secret

2. Update web-context in <KEYCLOAK_HOME>/standalone/configuration/standalone.xml, standalone-ha.xml, or domain.xml depending on your operating mode.

<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">

3. Add proxy-address-forwarding under http-listerner in <KEYCLOAK_HOME>/standalone/configuration/standalone.xml, standalone-ha.xml, or domain.xml depending on your operating mode.

<subsystem xmlns="urn:jboss:domain:undertow:6.0">
    <http-listener name="default" socket-binding="http"

4. Update index.html in <KEYCLOAK_HOME>welcome-content/index.html

    <meta http-equiv="refresh" content="0; url=/<CUSTOM_CONTEXT_PATH>/auth/" />
    <meta name="robots" content="noindex, nofollow">
    <script type="text/javascript">
        window.location.href = "/<CUSTOM_CONTEXT_PATH>/auth/"
    If you are not redirected automatically, follow this <a href='<CUSTOM_CONTEXT_PATH>/auth'>link</a>.



Keycloak Invalid parameter: redirect_uri

In case you also facing the same issue, may try 2 approaches as below:

1. If you are using Ingress in Kubernetes, you may need to add proxy-address-forwarding as below in standalone.xml, standalone-ha.xml, or domain.xml depending on your operating mode.

2. Set ‘*” for Valid Redirect URL (this is temporary hack, still figuring out why)

Credit to