[keycloak-user] Unable To Use Refresh Token

Sagar Ahire sagarahire at arvindinternet.com
Tue Mar 7 08:52:02 EST 2017


I'm using the standard Keycloak 2.4.0 Docker image, and I modified the
standalone.xml in the docker file. I've increased the owners count to 4. The
following are the tags I changed in *standalone.xml*:
<distributed-cache name="sessions" mode="SYNC" owners="4"/>
<distributed-cache name="offlineSessions" mode="SYNC" owners="4"/>
<distributed-cache name="loginFailures" mode="SYNC" owners="4"/>
<distributed-cache name="authorization" mode="SYNC" owners="4"/>

But I'm still facing the same issue. Is standalone.xml the correct file I need
to change, or am I missing something here?


regards,
 -Sagar

On Mon, Mar 6, 2017 at 7:31 PM, Andrew Zenk <azenk at umn.edu> wrote:

> Have you increased the owner count for the various caches to something
> greater than 1?
>
> On Mar 6, 2017 7:56 AM, "Sagar Ahire" <sagarahire at arvindinternet.com>
> wrote:
>
>> Hello,
>>
>> I've deployed Keycloak 2.4.0 in a Kubernetes environment. While refreshing
>> the access token I'm getting the following response.
>> {'error': 'invalid_grant', 'error_description': 'Client session not
>> active'}.
>>
>> Here is what I did:
>> Step1: First, I generated three access tokens and refresh tokens
>> (rf1,rf2,rf3), then I used these refresh_tokens to refresh the access
>> tokens. I got the access tokens successfully for all three requests.
>> (Successful scenario)
>>
>> Step2: I restarted some of the pods from the Keycloak cluster, then I tried
>> to refresh the access tokens using the same refresh tokens (rf1,rf2,rf3)
>> again. Using rf1 I could refresh the access token, but using rf2 and rf3 I
>> got the response mentioned above ('client session not active'). I made sure
>> rf2 and rf3 are not expired.
>>
>> I'm unable to use the refresh token even though it is not expired. I suspect
>> the session created on one pod is not properly shared between all the members
>> of a cluster and I'm losing the session if one of my pods is restarted or
>> goes down.
>>
>> Can someone please suggest any solution for this? Any help would be
>> greatly appreciated.
>>
>>
>>
>>
>> regards,
>>  -Sagar
>>
>
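
An added example, not part of the original thread or of Keycloak: a small Python check that lists every distributed-cache in a WildFly-style configuration file with its owners value, so the edit described above can be verified against the configuration file the running server was started with. The XML fragment, its namespace versions, the sample owners values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape the post describes (not the poster's file).
# Two caches are deliberately left at owners="1" / unset to show the findings.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:infinispan:4.0">
      <cache-container name="keycloak">
        <local-cache name="realms"/>
        <distributed-cache name="sessions" mode="SYNC" owners="4"/>
        <distributed-cache name="offlineSessions" mode="SYNC" owners="4"/>
        <distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
        <distributed-cache name="authorization" mode="SYNC"/>
      </cache-container>
    </subsystem>
  </profile>
</server>"""


def local_name(tag):
    """Strip the '{namespace}' prefix so any subsystem schema version matches."""
    return tag.rsplit("}", 1)[-1]


def audit_distributed_caches(xml_text, min_owners=2):
    """Return one finding per distributed-cache: container, cache, owners, ok."""
    findings = []
    for container in ET.fromstring(xml_text).iter():
        if local_name(container.tag) != "cache-container":
            continue
        for cache in container:
            if local_name(cache.tag) != "distributed-cache":
                continue
            raw = cache.get("owners")
            # An absent or non-numeric attribute is reported as unset (None)
            # instead of guessing the server's default.
            owners = int(raw) if raw and raw.isdigit() else None
            findings.append({
                "container": container.get("name"),
                "cache": cache.get("name"),
                "owners": owners,
                "ok": owners is not None and owners >= min_owners,
            })
    return findings


if __name__ == "__main__":
    for f in audit_distributed_caches(SAMPLE):
        status = "ok" if f["ok"] else "CHECK"
        print(f"{status:5} {f['container']}/{f['cache']}: owners={f['owners']}")
```

To check a real deployment, pass the text of the configuration file read from inside the running container instead of `SAMPLE`.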

