[keycloak-user] [keycloak-dev] Running Keycloak in a clustered mode

Marek Posolda mposolda at redhat.com
Wed Feb 28 06:53:45 EST 2018


On 28/02/18 11:15, Shankar_Bhaskaran wrote:
> Hi,
>
> We are running 2 standalone instances of keycloak with a shared database (later on a clustered database) in active-passive mode using haproxy as the load balancer. I had tested some REST services by running the request again with the same bearer token with the active keycloak server down and the passive server now becoming the active one, and it still works.
> Can we run 2 instances of keycloak in standalone mode behind a proxy with a shared database? Or should we cluster it first using the standalone-ha.xml configuration?
> What features will be disabled if we use the former way of load balancing keycloak?
I suggest always using clustered Keycloak with standalone-ha.xml instead, 
and since you want failover support, increase the number of owners to 2 for 
the distributed caches.

One of the things that won't work in the former setup (with 
standalone instances) is the replication of user sessions. In other 
words, a userSession created on node1 won't be visible on node2. The 
scenario you mentioned may work (e.g. the REST endpoint triggered on 
node2 will be able to successfully verify an accessToken created on node1). 
However, access tokens are usually short-lived and it is assumed that you 
periodically "refresh" them (our adapters do refresh automatically). And 
refreshing the token requires the userSession to be present, so with the 
former setup, it will fail, as the userSession created on node1 won't be 
available on node2.

User session is one example. There are some other things that won't 
work. We never tried to test such a setup and I wouldn't do it.

Marek
>
> Regards.
> Shankar
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
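
Added example, not part of the original thread and not Keycloak code: a small Python model of the failover behaviour described in the reply, where a token signed on node1 still verifies on node2 but a refresh on node2 fails unless the session store is shared. The HMAC key, the `Node` class and `failover` are hypothetical stand-ins for the realm keys in the shared database, a Keycloak server and its userSession cache.

```python
import base64, hashlib, hmac, json, secrets, time
REALM_KEY = secrets.token_bytes(32)  # assumption: models realm keys held in the shared database

def _sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    mac = hmac.new(REALM_KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + mac).decode()

def _verify(token):
    body, _, mac = token.encode().rpartition(b".")
    good = hmac.new(REALM_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, good):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))

class Node:  # one server; `sessions` models its userSession cache
    def __init__(self, sessions):
        self.sessions = sessions

    def login(self, user):
        sid = secrets.token_hex(8)
        self.sessions[sid] = user  # session state lives only in this cache
        return self._tokens(sid, user)

    def _tokens(self, sid, user):
        access = _sign({"typ": "Bearer", "sub": user, "sid": sid, "exp": time.time() + 60})
        refresh = _sign({"typ": "Refresh", "sub": user, "sid": sid})
        return access, refresh

    def verify_access(self, token):  # stateless: needs only the shared key
        claims = _verify(token)
        if claims["typ"] != "Bearer" or claims["exp"] < time.time():
            raise ValueError("token not valid")
        return claims["sub"]

    def refresh(self, token):  # stateful: the session must exist on this node
        claims = _verify(token)
        if claims["typ"] != "Refresh" or claims["sid"] not in self.sessions:
            raise LookupError("session not found on this node")
        return self._tokens(claims["sid"], claims["sub"])

def failover(node1, node2, user="alice"):
    """Log in on node1, then use node2 only: returns (access_verified, refresh_ok)."""
    access, refresh = node1.login(user)
    verified = node2.verify_access(access) == user
    try:
        node2.refresh(refresh)
    except LookupError:
        return verified, False
    return verified, True
```

`failover(Node({}), Node({}))` models two standalone instances and returns `(True, False)`; passing the same dict to both nodes models a replicated session cache and returns `(True, True)`.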



