[keycloak-dev] Is it ok to support multiple managementUrls per application?
Marek Posolda
mposolda at redhat.com
Fri Oct 10 11:07:47 EDT 2014
The problem I am looking at is sending "Push NotBefore" from keycloak to
adapters in cluster. Basically the info about push notBefore should be
propagated to all cluster nodes where application is deployed.
ATM I am seeing 2 possibilities:
a) More managementUrls per ApplicationModel. People would need to
configure all nodes where adapter is deployed . Then Keycloak (
ResourceAdminManager ) will be able to send "global" events like
pushNotBefore or "logoutAll" to all those nodes. "Normal" logouts will
be sent just to single node like now .
b) Ensure that notBefore can be replicated on adapters side. I don't
like this tbh. It requires adapters to be in replicated cluster, which
may not be an option for many deployments, who want to rely just on
sticky session.
Any of those is not super-ideal, but I don't have better idea to ensure
cluster-safe propagation of NotBefore and global logout to all cluster
nodes.
Better ideas?
I have (b) already prototyped and working, but wanted to have ack from
you before go further, cleanup, start changing admin console etc.
Marek
More information about the keycloak-dev
mailing list