[keycloak-user] Logout in cluster environments

Marek Posolda mposolda at redhat.com
Mon Jan 23 03:34:58 EST 2017


I don't see anything in our documentation for the Keycloak SAML adapter. Not 
sure if we support clustering or not. Maybe someone else knows.

But I think that if you have <distributable /> in your applications and 
it still doesn't work, then feel free to create a JIRA.

Marek

On 20/01/17 17:29, Pulkit Gupta wrote:
> We can't really move to OIDC as we have already used SAML for a number 
> of apps.
> Is clustering not supported by SAML client adapters for JBoss?
>
> Regards,
> Pulkit
>
>
> On Fri, Jan 20, 2017 at 1:47 PM, Marek Posolda <mposolda at redhat.com> wrote:
>
>     This is supposed to work for Keycloak OIDC clients and some docs are here:
>     https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/application-clustering.html
>
>     I don't know about Keycloak SAML clients. Is it an alternative for
>     you to try OIDC instead of SAML?
>
>     Marek
>
>     On 20/01/17 08:19, Pulkit Gupta wrote:
>
>         Hi All,
>
>         I am running multiple applications deployed on a JBoss cluster with
>         Infinispan used as a cache and for distributed sessions.
>         I verified and can see that session replication is working for a normal
>         application where I can see the same session on all the servers in the
>         cluster and hence the application is working fine without session
>         stickiness.
>
>         However, when I am trying to use any Keycloak SAML client based application
>         it is only working if the request is going to a particular box in the
>         cluster. On all the other boxes we are getting errors.
>         From this behavior I am concluding that somehow for Keycloak based
>         applications sessions are not getting replicated.
>         Both these applications have the <distributable /> tag in them so I am not sure
>         why it is showing different behaviour.
>
>         I know we can fix this by just enabling session stickiness but we want the
>         sessions to be replicated as well.
>         This is because we want to make our set up more resilient. Also in case of
>         logout when Keycloak is sending a back channel logout request it may send
>         it to any server in the cluster.
>         If the sessions are not properly replicated then the logout will fail as
>         the session will remain preserved on some other server in the cluster.
>
>         Can someone please suggest something to try?
>
>
>
>
>
> -- 
> Thanks,
> Pulkit
> AMS



