<div dir="ltr">This should work just fine without sticky sessions. We also don't support sticky sessions at the moment as there's no cookie to stick on. We're going to look into supporting sticky sessions soon.</div><div class="gmail_extra"><br><div class="gmail_quote">On 26 February 2016 at 09:29, Vlastimil Elias <span dir="ltr"><<a href="mailto:velias@redhat.com" target="_blank">velias@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
What about configuring <span lang="EN-US">Loadbalancer to use
sticky sessions?<br>
<br>
Vlastimil<br>
</span><div><div class="h5"><br>
<div>On 25.2.2016 16:10, Peter Krivansky
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div>
<p class="MsoNormal">Hello,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-US">I have a Keycloak
cluster with two servers, in front of each Keaycloak is
Apache running.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span lang="EN-US">LB<u></u><u></u></span></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span lang="EN-US">/\<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> Host A Host B<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Now, Host-A and Host-B
are in different subnets, due to this design we are running
jGroups via TCP.
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Now everything is
working fine, except for the Keycloak Admin console, once a
user tries to log in, they get for a milisecond in to the
Admin console, but then they get redirected to the login
page immediately.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">When I disable Host-A or
Host-B on the Loadbalancer, (new sessions will land only on
Hst-A or Host-B) the Login to Keycloak Admin Console will
work normally.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">During the immediate
redirection there is only this one WARNING in the
Server.log:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">15:41:42,886 WARN
[org.jboss.resteasy.core.ExceptionHandler] (default task-10)
Failed executing GET /admin/serverinfo:
org.jboss.resteasy.spi.UnauthorizedException: Bearer<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:156)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.keycloak.services.resources.admin.AdminRoot.getServerInfo(AdminRoot.java:209)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.lang.reflect.Method.invoke(Method.java:498)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:81)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:60)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:102)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.lang.Thread.run(Thread.java:745)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I attached my domain.xml<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Have I missed something,
or what did I wrong?
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">With Kind regards Peter<u></u><u></u></span></p>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><span class=""><pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team</pre>
</font></span></div>
<br>_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br></blockquote></div><br></div>