[keycloak-dev] sticky sessions, clustering, and authentication

mike cirioli mikecirioli at gmail.com
Thu Jun 4 13:28:17 EDT 2015 

For my use case, we use sticky sessions at the F5 layer, but rely on the inifinspan cache replication in order to do rolling updates of our cluster.  Loosing that ability would be a significant impact for us.
-mike


On 6/4/15 2:49 AM, Marek Posolda wrote:
> Question is if the requirement for sticky sessions is not too restrictive? I guess not everyone want to use sticky sessions.
>
> Maybe we should offer both possibilities (in-memory + sticky sessions OR AuthenticationSession saved in infinispan and replicated after each request) ?
>
> Another question is if overhead of current replication is really so bad to introduce another abstraction and increase code complexity?
>
> Marek
>
> On 4.6.2015 01:49, mike cirioli wrote:
>> So sticky sessions would be needed only during the authentication phase, and once complete an underlying clustered session would be created?
>>
>> On Jun 3, 2015 7:00 PM, Bill Burke <bburke at redhat.com> wrote:
>>> I was thinking a bit about performance in a cluster.  Right now a client
>>> session is created whenever login is initiated.  This ends up requiring
>>> the client session to be propagated to the cluster, either through a
>>> database insert/update or an infinispan replication.  Then, with each
>>> authentication/required action step, another insert/update/replication.
>>>
>>> I was thinking we should have an AuthenticationSession that was in
>>> memory only.  Then, once all authentication and required actions are
>>> finished, then create the usersession and client session.  This would
>>> require sticky sessions though with a load balancer.
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

-- 
For me there is only the traveling on the paths that have heart, on any path that may have heart. There I travel, and the only worthwhile challenge for me is to traverse its full length. And there I travel—looking,looking, breathlessly.    --- Don Juan Matus

More information about the keycloak-dev mailing list