Before reporting an issue

[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

authentication

Describe the bug

Migrating our Keycloak instance from 24.0.5 to 26.1.4 leads to an incomplete non functional Recaptcha configuration.

Version

26.1.4

Regression

[x] The issue is a regression

Expected behavior

Migrating a Keycloak instance from 24.0.5 to 26.1.4 should not break pre-existing Recaptcha configuration.

Actual behavior

Migrating a Keycloak instance from 24.0.5 to 26.1.4 breaks pre-existing Recaptcha configuration.

How to Reproduce?

• start Keycloak 24.0.5
• add a complete Recaptcha configuration
• migrate the instance to Keycloak 26.1.4
• in the admin UI, take a look at the Recaptcha configuration, the secret key field is now blank
• try to use Recaptcha as logging in user, a header says that Recaptcha is required, but not configured

Anything else?

I am pretty sure this was caused by #24223 . Before #24223, the Recaptcha secret key was stored in an attribute named secret. #24223 renamed the attribute to secret.key on the java side, without associating the change with a database migration script.

Renaming manually the attribute in database as follow fixed our issue:

update authenticator_config_entry set name = 'secret.key' where name = 'secret'