[keycloak-dev] sticky sessions for UserSession

Bill Burke bburke at redhat.com
Tue Sep 23 07:24:36 EDT 2014


Failures should be a rare event and performance is more important than 
session retention, IMO.  Replication is an expensive luxury and is not a 
requirement for failover.  We just need to ensure that users can relogin 
on a node failure.

On 9/23/2014 3:09 AM, Marek Posolda wrote:
> I think that generally there are 2 main purposes of clustering:
> a) scalability and better performance (ideally n-times better
> performance with n nodes in cluster)
> b) failover
>
> With in-memory session you will achieve (a), but (b) won't be addressed.
> So if you have 2 keycloak nodes and you kill node-1, then all
> UserSessions on node-1 will be lost and users would need to relogin. IMO
> Sticky sessions are good, but there is still need to replicate sessions
> (at least to 1 additional cluster node) if you want to address failover.
> Or am I just not understand correctly what you meant?
>
> Marek
>
> On 22.9.2014 22:14, Bill Burke wrote:
>> Was thinking about clustering.  Sticky sessions combined with in-memory
>> only UserSessions might be best for clustering.  We'll need to change
>> access code processing so that it is a) signed and b) contains the
>> callback URL.  In looking at SAML, it jsut seems we need to have the
>> notion of an HttpSession and the idea of loading this session from a
>> database (or even a clustered cache) doesn't seem very feasible or
>> scalable.
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list