Flush or delete users from pre-registration realm in 1.1.3
Problem
Pre-registration version 1.1.3 and earlier uses Keycloak to create a pre-registration user session whenever an OTP request is made from pre-registration. As a result, the pre-registration database grows when many users log in to the pre-registration application.
Solution
Follow the steps below to delete or flush the pre-registration users from Keycloak.
Note all the realm settings for pre-registration (especially token expiry times, etc.).
Stop the Keycloak service by deleting the helm chart.
Drop the Keycloak database.
Create main.yml (https://github.com/mosip/mosip-infra/blob/1.1.3/deployment/sandbox-v2/roles/keycloak-init/defaults/main.yml) with the contents below:
    keycloak_mosip_realms:
      - {realm_id: 'master', realm_file: 'realms/realm_master.json'}  # Only to update Master settings
      - {realm_id: 'preregistration', realm_file: 'realms/realm_prereg.json'}
    # IMPORTANT: If the client secret is changed below make sure you update the corresponding property in the property files of config-server.
    keycloak_mosip_clients:
      - {realm_id: 'preregistration', client_id: 'mosip-prereg-client', secret: 'abc123'}
    keycloak_mosip_roles:  # Currently, all roles belong to a realm (not to any client)
      - {realm_id: 'preregistration', client_id: '', role_name: 'INDIVIDUAL'}
      - {realm_id: 'preregistration', client_id: '', role_name: 'AUTH'}
      - {realm_id: 'preregistration', client_id: '', role_name: 'PRE_REGISTRATION_ADMIN'}
      - {realm_id: 'preregistration', client_id: '', role_name: 'PREREG'}
      - {realm_id: 'preregistration', client_id: '', role_name: 'REGISTRATION_PROCESSOR'}
    keycloak_mosip_users: []  # Assumption "username.json" exists with same username inside
    keycloak_mosip_user_role_map:  # allrolesuser
      - {realm_id: 'preregistration', username: 'service-account-mosip-prereg-client', role_name: 'INDIVIDUAL'}
      - {realm_id: 'preregistration', username: 'service-account-mosip-prereg-client', role_name: 'PRE_REGISTRATION_ADMIN'}
      - {realm_id: 'preregistration', username: 'service-account-mosip-prereg-client', role_name: 'PREREG'}
      - {realm_id: 'preregistration', username: 'service-account-mosip-prereg-client', role_name: 'REGISTRATION_PROCESSOR'}
Update the JSON file https://github.com/mosip/mosip-infra/blob/1.1.3/deployment/sandbox-v2/roles/keycloak-init/files/realms/realm_prereg.json with production settings.
Run playbooks/keycloak.yml.
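Because the database is dropped, the settings noted in the first step survive only if they reach realm_prereg.json before the playbook runs. The check below is an added example, not part of the MOSIP tooling: it compares the noted settings with the realm file and also flags any users the file would re-import. It assumes the noted settings were saved as a Keycloak realm JSON export; the function names and sample values are constructed for illustration.

```python
import json

# Time-based realm settings (seconds) in a Keycloak realm JSON export.
LIFESPAN_KEYS = (
    "accessTokenLifespan", "accessTokenLifespanForImplicitFlow",
    "ssoSessionIdleTimeout", "ssoSessionMaxLifespan",
    "offlineSessionIdleTimeout", "accessCodeLifespan",
    "accessCodeLifespanUserAction", "accessCodeLifespanLogin",
)

def lifespan_drift(noted, candidate):
    """Map each noted lifespan key to (noted, candidate) where the values differ.
    A key absent from the candidate is reported with None, because the import
    would then not carry the noted value over."""
    return {k: (noted[k], candidate.get(k))
            for k in LIFESPAN_KEYS
            if k in noted and noted[k] != candidate.get(k)}

def check_realm_file(noted, candidate, realm_id="preregistration"):
    """Return human-readable findings; an empty list means the file is ready."""
    findings = []
    if candidate.get("realm") != realm_id:
        findings.append(f"realm is {candidate.get('realm')!r}, expected {realm_id!r}")
    for key, (old, new) in sorted(lifespan_drift(noted, candidate).items()):
        findings.append(f"{key}: noted {old}, realm file has {new}")
    if candidate.get("users"):
        findings.append(f"{len(candidate['users'])} user(s) would be re-imported")
    return findings

# Constructed sample values, not taken from a MOSIP deployment.
NOTED = json.loads("""{"realm": "preregistration", "accessTokenLifespan": 900,
  "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000}""")
CANDIDATE = json.loads("""{"realm": "preregistration", "accessTokenLifespan": 300,
  "ssoSessionIdleTimeout": 1800, "users": [{"username": "stale-user"}]}""")

if __name__ == "__main__":
    for line in check_realm_file(NOTED, CANDIDATE):
        print("MISMATCH:", line)
```

In practice, load the two files with json.load in place of the constructed samples and run the check before playbooks/keycloak.yml.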
As stated above, this issue occurs in pre-registration 1.1.3 and earlier versions. In all future versions of MOSIP, user sessions are not stored in Keycloak.