[keycloak-user] 1.1 Beta2 in Wildfly cluster

Marek Posolda mposolda at redhat.com
Fri Dec 12 06:55:55 EST 2014

Are you using shared database among both cluster nodes? Also when you 
start node1 and then start node2, you should see some message similar to 
this in the log of node1, which indicates that cluster nodes are connected:

wfnode_1 | 11:28:30,888 INFO 
(Incoming-1,shared=udp) ISPN000094: Received new cluster view: 
[wfnode1/web|1] (2) [wfnode1/web, wfnode2/web]
wfnode_1 | 11:28:33,767 INFO 
(Incoming-10,shared=udp) ISPN000094: Received new cluster view: 
[wfnode1/keycloak|1] (2) [wfnode1/keycloak, wfnode2/keycloak]

For more logging of which provider is used by keycloak-server.json, you 
can enable DEBUG logging for keycloak in standalone-full.xml (or 
domain.xml or whatever you are using):

                 <logger category="org.keycloak">
                     <level name="DEBUG"/>

Also I think that editing file 
|standalone/configuration/keycloak-server.json is just for standalone, 
but probably doesn't work for wildfly domain.

Maybe you can first try if cluster works in standalone configuration. If 
it helps, we can figure the domain later.


On 10.12.2014 00:57, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
> Hi,
> Correction, I **thought** everything was running in Wildfly domain 
> mode.  It turns out I just got lucky by hitting the same server node 
> in my initial test.  After a reboot and further testing today, I’m not 
> able to login to the Keycloak admin console when both nodes in my 
> cluster are running.  After attempting login, I am either taken back 
> to a blank login page, or I see error “Unknown code, please login 
> again through your application.”  Once in awhile, I can login without 
> error. I should note that I’m using an Apache reverse proxy via 
> mod_cluster.
> I see no errors in the server logs.  I do see message “JBAS010281: 
> Started <x> cache from keycloak container” for each of “realms”, 
> “sessions”, “loginFailures”, “users”.  So, it looks like my domain 
> config is working.  However, I can’t tell for sure that Keycloak is 
> attempting to use the infinispan caches.  Some additional log output 
> showing the values from keycloak-server.json would be helpful.  I used 
> the CLI to upload 
> “/profile=full-ha/subsystem=keycloak/auth-server=keycloak-1/:update-server-config(bytes-to-upload=/usr/local/wildfly/domain/configuration/keycloak-server.json~,overwrite=true)” 
> The response was “success” and then I restarted Wildfly on both nodes 
> in the cluster.
> Has anyone been able to get Keycloak 1.1 Beta 2 working in a wildfly 
> domain, and using mod_cluster?  If so, could you please provide guidance?
> Thanks,
> John
> *Sent:* Monday, December 08, 2014 6:43 PM
> *To:* keycloak-user at lists.jboss.org
> *Subject:* 1.1 documentation update for running in domain HA mode
> Hi guys,
> Thanks so much for getting clustering support working in 1.1.  I have 
> it up and running well in a Wildfly 8 domain setup under the “full-ha” 
> profile.  One thing that I was pulling my hair out about for a while 
> today were some errors related to Infinispan config.  I figured out 
> that if running in HA cluster, you must include the “transport” 
> element under the cache-container config (i.e. <transport 
> lock-timeout=”60000” />).  It would be great if you could update 
> Chapter 23 of the documentation to reflect this requirement.
> Thanks,
> John
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141212/29e5479b/attachment.html 

More information about the keycloak-user mailing list