[keycloak-dev] Mongo Replica Sets

Stian Thorgersen sthorger at redhat.com
Thu Oct 8 05:59:27 EDT 2015 

Please use user mailing list for support

On 8 October 2015 at 10:42, Carsten Saathoff <Carsten.Saathoff at kisters.de>
wrote:

> Hi all,
>
> we are currently setting up a production system that uses keycloak as the
> Identity Provider. We use mongodb as the database for keycloak (since this
> is our main database), but require keycloak to also handle mongodb replica
> sets appropriately. Currently, when the primary changes in a mongo replica
> set, keycloak stops working, since it only connects to a single instance.
>
> I have a version of keycloak that uses a mongodb:// uri[1] to specify the
> mongo connection parameters in the keycloak configuration file. Since
> mongodb:// uris are a standard way of obtaining a mongo client, this
> naturally supports replica sets. The patch is only a couple of lines and
> seems to work. The only issue I have is that the MongoDB update seems to be
> broken in master currently. But this is also the case when I build keycloak
> without my patch, so I assume this to be an unrelated issue.
>
> The commit is available in my keycloak fork:
>
>
> https://github.com/kodemaniak/keycloak/commit/6741dffe38c9c8d9fd8ca1e92cb15762666a607a
>
> Only the setup of the operational attributes is still missing for the
> configuration via uri, but it can easily be added.
>
> I would like to get this somehow into an official release, since I think
> that supporting replica sets is crucial in order to use keycloak with mongo
> in a production setup. Personally I think that specifying mongo connection
> parameters via mongodb:// uris is the most convenient way and it's
> standardized. So it could even be the only way of specifying the connection
> details IMHO.
>
> Since in the contribution section it's encouraged to first discuss such
> ideas on this mailing list prior to sending a pull request, I am sending
> this mail to receive any feedback.
>
> best
>
> Carsten
>
> [1] http://docs.mongodb.org/manual/reference/connection-string/
>
> ------------------------------
> Carsten Saathoff - KISTERS AG - Stau 75 - 26122 Oldenburg - Germany
> Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters, Hanns
> Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers
> Phone: +49 441 93602 -257 | Fax: +49 441 93602 -222 | E-Mail:
> Carsten.Saathoff at kisters.de | WWW: http://www.kisters.de
> ------------------------------
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
> Weitergabe dieser Mail ist nicht gestattet.
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorised copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151008/862e29a1/attachment.html

More information about the keycloak-dev mailing list