<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
The documentation states, that the default token-store is "session"
and as I wrote before, I have setup clustering on my Wildfly 10 CR4
like in standalone-ha.xml, so the session should already be
replicated.<br>
<br>
Regards,<br>
Christian<br>
<br>
<div class="moz-cite-prefix">Am 25.01.2016 um 14:20 schrieb Stian
Thorgersen:<br>
</div>
<blockquote
cite="mid:CAJgngAdzqGzwQOE92-Y=gXAEBSv9_SmvjL-VuViN7JxbVjZbGg@mail.gmail.com"
type="cite">
<div dir="ltr">Your issue doesn't have anything to do with the
Keycloak server side user sessions, they don't require sticky
sessions.
<div><br>
</div>
<div>Your issue is down to the http session on the adapter side
not being replicated by default. For the adapter you've got 3
choices: sticky session, replicated session or stateless.
Which is best depends on your application.
<div><br>
<div><br>
<div class="gmail_extra">
<div class="gmail_quote">On 25 January 2016 at 14:05,
Christian Beikov <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:christian.beikov@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:christian.beikov@gmail.com">christian.beikov@gmail.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> I don't have
a problem with sticky sessions and I will
definitively configure them, but I am curious.
What is the reason for the problems with round
robin in this test scenario? Are the infinispan
caches not replicated fast enough or is there an
implementation limitation in the adapters?</div>
</blockquote>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <br>
Regards,<br>
Christian
<div>
<div class="h5"><br>
<br>
<div>Am 25.01.2016 um 08:58 schrieb Stian
Thorgersen:<br>
</div>
<blockquote type="cite">
<div dir="ltr">By default the adapters will
require sticky sessions, please refer to <a
moz-do-not-send="true"
href="http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html"
target="_blank"><a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html</a></a>
for more information</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 22 January
2016 at 12:48, Christian Beikov <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:christian.beikov@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:christian.beikov@gmail.com">christian.beikov@gmail.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">Hello,<br>
<br>
I am running some tests with my
application cluster being secured by a<br>
single keycloak server instance and I
encountered problems with the adapter.<br>
<br>
My application cluster contains 2
nodes and is load balanced by nginx.<br>
For testing purposes, I enabled round
robin load balancing which is<br>
probably the "cause" for my issues.<br>
<br>
When I access a secured page, I get
redirected to keycloak and<br>
everything is fine. When I then login,
and keycloak redirects me back to<br>
the application, I get to a different
application cluster node because<br>
of round robin. On that node,
apparently the initial information of
the<br>
client session is not available and I
get redirected to keycloak login<br>
page again. Then keycloak redirects me
back to the application, this<br>
time to the original node, and says
that access is forbidden.<br>
<br>
I suppose the web session caches are
not in sync but I just used the<br>
default cache containers as they are
defined in standalone-ha.xml of my<br>
Wildlfy 10 CR4. Clustering with
jgroups works, as I use other<br>
distributed caches too which work just
fine.<br>
<br>
We are using Keycloak 1.8.0.CR2 on a
Wildfly 10 CR4<br>
<br>
Regards,<br>
Christian<br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org"
target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>