[keycloak-user] Externalising session storage in keycloak

Stian Thorgersen stian at redhat.com
Tue Apr 7 07:43:54 EDT 2015


In keycloak-server.json set userSessionProvider to JPA:

    "userSessions": {
        "provider": "jpa"
    }

You also need to either disable realm and user caches:

    "realmCache": {
        "provider": "none"
    },

    "userCache": {
        "provider": "none"
    }

Or use Infinispan invalidation caches as the clustering documentation suggests.

Bear in mind that if you store user sessions in db and don't use the caches you'll be generating a fair bit of db traffic, so it won't scale extremely well.


----- Original Message -----
> From: "Kalinga Dissanayake" <kalinga at leapset.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Tuesday, 7 April, 2015 1:37:38 PM
> Subject: Re: Externalising session storage in keycloak
> 
> 
> What should I do to store sessions in the database? Is there a guide to do
> this? Should I implement any SPI?
>  
> Kalinga
> 
> -----Original Message-----
> From: "Stian Thorgersen" <stian at redhat.com>
> Sent: Tuesday, April 7, 2015 11:50am
> To: "Kalinga Dissanayake" <kalinga at leapset.com>
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: Externalising session storage in keycloak
> 
> 
> 
> We have support for using either Infinispan or a database (relational or
> Mongo) to store the user sessions when load balanced.
> 
> If performance is not a problem you can just go with storing sessions in the
> database. Otherwise go with Infinispan, see
> http://docs.jboss.org/keycloak/docs/1.2.0.Beta1/userguide/html/clustering.html
> for the details on how to configure that. To use a replicated cache instead
> of a distributed cache use the following config for Infinispan:
> 
> <subsystem xmlns="urn:jboss:domain:infinispan:2.0">
>  <cache-container name="keycloak" jndi-name="infinispan/Keycloak"
>  start="EAGER">
>  <transport lock-timeout="60000"/>
>  <invalidation-cache name="realms" mode="SYNC"/>
>  <invalidation-cache name="users" mode="SYNC"/>
>  <replicated-cache name="sessions" mode="SYNC"/>
>  <replicated-cache name="loginFailures" mode="SYNC"/>
>  </cache-container>
>  ...
> </subsystem>
> 
> You can also just use the configuration from the docs above but set
> 'owners="2"'.
> 
> ----- Original Message -----
> > From: "Kalinga Dissanayake" <kalinga at leapset.com>
> > To: keycloak-user at lists.jboss.org
> > Cc: "Stian Thorgersen" <stian at redhat.com>
> > Sent: Monday, 6 April, 2015 2:13:42 PM
> > Subject: Externalising session storage in keycloak
> > 
> > 
> > Guys, I know this has been discussed before, but I'm trying to find a simple
> > number of steps for me to externalize the session storage in Keycloak.
> > I just need to do the following:
> > 1. Two servers running Keycloak (WildFly)
> > 2. A load balancer in front of these two servers. Preferably an AWS
> > load balancer
> > 3. I need to store the session details on an external store so that the
> > sessions work accurately.
> > 
> > There is so much documentation for this but I am actually confused as to
> > what
> > I should do and the bare minimum I should do to achieve this. I don't need a
> > distributed cache or anything, just need one cache store (maybe Infinispan
> > or memcached) and the two Keycloak servers running, storing the sessions on
> > that. Is there one key place I should look into which contains the bare
> > minimum I should do?
> > 
> > Kalinga.
> >

