[keycloak-dev] Application Clustering problems

Christian Beikov christian.beikov at gmail.com
Mon Jan 25 08:39:10 EST 2016 

The documentation states, that the default token-store is "session" and 
as I wrote before, I have setup clustering on my Wildfly 10 CR4 like in 
standalone-ha.xml, so the session should already be replicated.

Regards,
Christian

Am 25.01.2016 um 14:20 schrieb Stian Thorgersen:
> Your issue doesn't have anything to do with the Keycloak server side 
> user sessions, they don't require sticky sessions.
>
> Your issue is down to the http session on the adapter side not being 
> replicated by default. For the adapter you've got 3 choices: sticky 
> session, replicated session or stateless. Which is best depends on 
> your application.
>
>
> On 25 January 2016 at 14:05, Christian Beikov 
> <christian.beikov at gmail.com <mailto:christian.beikov at gmail.com>> wrote:
>
>     I don't have a problem with sticky sessions and I will
>     definitively configure them, but I am curious. What is the reason
>     for the problems with round robin in this test scenario? Are the
>     infinispan caches not replicated fast enough or is there an
>     implementation limitation in the adapters?
>
>
>     Regards,
>     Christian
>
>
>     Am 25.01.2016 um 08:58 schrieb Stian Thorgersen:
>>     By default the adapters will require sticky sessions, please
>>     refer to
>>     http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html
>>     for more information
>>
>>     On 22 January 2016 at 12:48, Christian Beikov
>>     <christian.beikov at gmail.com <mailto:christian.beikov at gmail.com>>
>>     wrote:
>>
>>         Hello,
>>
>>         I am running some tests with my application cluster being
>>         secured by a
>>         single keycloak server instance and I encountered problems
>>         with the adapter.
>>
>>         My application cluster contains 2 nodes and is load balanced
>>         by nginx.
>>         For testing purposes, I enabled round robin load balancing
>>         which is
>>         probably the "cause" for my issues.
>>
>>         When I access a secured page, I get redirected to keycloak and
>>         everything is fine. When I then login, and keycloak redirects
>>         me back to
>>         the application, I get to a different application cluster
>>         node because
>>         of round robin. On that node, apparently the initial
>>         information of the
>>         client session is not available and I get redirected to
>>         keycloak login
>>         page again. Then keycloak redirects me back to the
>>         application, this
>>         time to the original node, and says that access is forbidden.
>>
>>         I suppose the web session caches are not in sync but I just
>>         used the
>>         default cache containers as they are defined in
>>         standalone-ha.xml of my
>>         Wildlfy 10 CR4. Clustering with jgroups works, as I use other
>>         distributed caches too which work just fine.
>>
>>         We are using Keycloak 1.8.0.CR2 on a Wildfly 10 CR4
>>
>>         Regards,
>>         Christian
>>         _______________________________________________
>>         keycloak-dev mailing list
>>         keycloak-dev at lists.jboss.org
>>         <mailto:keycloak-dev at lists.jboss.org>
>>         https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160125/60b3f5ac/attachment.html

More information about the keycloak-dev mailing list