[keycloak-dev] sticky sessions
Stian Thorgersen
sthorger at redhat.com
Wed Dec 2 09:45:23 EST 2015
Not sure what you mean about code 2 token could have a callback uri?
On 2 December 2015 at 15:34, Bill Burke <bburke at redhat.com> wrote:
> IMO, we need to highlight and document that when using a load balancer
> in a cluster, sticky sessions should be enabled. We might even want to
> consider adding support for sticky sessions for the code2token flow.
> The obvious reason is performance. Login can span multiple HTTP
> requests. If you have N nodes in the cluster with no clustering you
> have the possibility of the same user being retrieved from the database
> N times. One time for each authentication request (username/password,
> OTP page, required actions) and finally for the code 2 token request.
> Until I look into fixing it the auth SPI does a few extra redirects
> right now too.
>
> Code 2 token could simply have a callback URI so that the code 2 token
> request hits the same machine the code was created on.
>
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151202/3020fb1e/attachment-0001.html
More information about the keycloak-dev
mailing list