<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I just wrote that I configured clustering for my application just
like in the standlone-ha.xml of my Wildfly 10 CR4.<br>
I configured the jgroups subsystem and the distributed caches for
web sessions as it is done in standalone-ha.xml of Wildfly.<br>
If there is anything else that should be configured, can you please
point me to that configuration option?<br>
<br>
Regards,<br>
Christian<br>
<br>
<div class="moz-cite-prefix">Am 25.01.2016 um 15:45 schrieb Stian
Thorgersen:<br>
</div>
<blockquote
cite="mid:CAJgngAcwbmxgz=Dke0f-hKLW1BzJ2HG1AtJf+FJY0fn=KqiR_Q@mail.gmail.com"
type="cite">
<div dir="ltr">HTTP session replicate is not enabled by default.
You need to enable it for your application.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 25 January 2016 at 14:39, Christian
Beikov <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:christian.beikov@gmail.com" target="_blank">christian.beikov@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> The documentation
states, that the default token-store is "session" and as I
wrote before, I have setup clustering on my Wildfly 10 CR4
like in standalone-ha.xml, so the session should already
be replicated.<br>
<br>
Regards,<br>
Christian
<div>
<div class="h5"><br>
<br>
<div>Am 25.01.2016 um 14:20 schrieb Stian Thorgersen:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Your issue doesn't have anything to
do with the Keycloak server side user sessions,
they don't require sticky sessions.
<div><br>
</div>
<div>Your issue is down to the http session on the
adapter side not being replicated by default.
For the adapter you've got 3 choices: sticky
session, replicated session or stateless. Which
is best depends on your application.
<div><br>
<div><br>
<div class="gmail_extra">
<div class="gmail_quote">On 25 January
2016 at 14:05, Christian Beikov <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:christian.beikov@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:christian.beikov@gmail.com">christian.beikov@gmail.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
I don't have a problem with sticky
sessions and I will definitively
configure them, but I am curious.
What is the reason for the problems
with round robin in this test
scenario? Are the infinispan caches
not replicated fast enough or is
there an implementation limitation
in the adapters?</div>
</blockquote>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
Regards,<br>
Christian
<div>
<div><br>
<br>
<div>Am 25.01.2016 um 08:58
schrieb Stian Thorgersen:<br>
</div>
<blockquote type="cite">
<div dir="ltr">By default the
adapters will require sticky
sessions, please refer to <a
moz-do-not-send="true"
href="http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html"
target="_blank"><a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html</a></a>
for more information</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
22 January 2016 at 12:48,
Christian Beikov <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:christian.beikov@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:christian.beikov@gmail.com">christian.beikov@gmail.com</a></a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">Hello,<br>
<br>
I am running some tests
with my application
cluster being secured by
a<br>
single keycloak server
instance and I
encountered problems
with the adapter.<br>
<br>
My application cluster
contains 2 nodes and is
load balanced by nginx.<br>
For testing purposes, I
enabled round robin load
balancing which is<br>
probably the "cause" for
my issues.<br>
<br>
When I access a secured
page, I get redirected
to keycloak and<br>
everything is fine. When
I then login, and
keycloak redirects me
back to<br>
the application, I get
to a different
application cluster node
because<br>
of round robin. On that
node, apparently the
initial information of
the<br>
client session is not
available and I get
redirected to keycloak
login<br>
page again. Then
keycloak redirects me
back to the application,
this<br>
time to the original
node, and says that
access is forbidden.<br>
<br>
I suppose the web
session caches are not
in sync but I just used
the<br>
default cache containers
as they are defined in
standalone-ha.xml of my<br>
Wildlfy 10 CR4.
Clustering with jgroups
works, as I use other<br>
distributed caches too
which work just fine.<br>
<br>
We are using Keycloak
1.8.0.CR2 on a Wildfly
10 CR4<br>
<br>
Regards,<br>
Christian<br>
_______________________________________________<br>
keycloak-dev mailing
list<br>
<a
moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></a><br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>