[keycloak-dev] Is it ok to support multiple managementUrls per application?

Marek Posolda mposolda at redhat.com
Fri Oct 10 11:08:44 EDT 2014


On 10.10.2014 17:07, Marek Posolda wrote:
> The problem I am looking at is sending "Push NotBefore" from keycloak 
> to adapters in cluster. Basically the info about push notBefore should 
> be propagated to all cluster nodes where application is deployed.
>
> ATM I am seeing 2 possibilities:
>
> a) More managementUrls per ApplicationModel. People would need to 
> configure all nodes where adapter is deployed . Then Keycloak ( 
> ResourceAdminManager ) will be able to send "global" events like 
> pushNotBefore or "logoutAll" to all those nodes. "Normal" logouts will 
> be sent just to single node like now .
>
> b) Ensure that notBefore can be replicated on adapters side. I don't 
> like this tbh. It requires adapters to be in replicated cluster, which 
> may not be an option for many deployments, who want to rely just on 
> sticky session.
>
> Any of those is not super-ideal, but I don't have better idea to 
> ensure cluster-safe propagation of NotBefore and global logout to all 
> cluster nodes.
>
> Better ideas?
>
> I have (b) already prototyped and working, but wanted to have ack from 
> you before go further, cleanup, start changing admin console etc.
oops, sorry. I have (a) working (model change to support multiple 
managementUrls)
>
> Marek



More information about the keycloak-dev mailing list