<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
code
{mso-style-priority:99;
font-family:"Courier New";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Marek,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks for getting back to me. I did see the ISPN000094 message you described in my log files, but it didn’t look like the messages you listed. My messages only noted one node. After disabling the firewall
on both nodes, Keycloak is now working in domain mode with Infinispan providers in my config. Now I just have to figure out all the ports necessary for JGroups to function correctly. Once I figure this out, I will respond back. Hopefully you can add this
info to the documentation to help others out in the future.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks again for your help,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">John<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> Marek Posolda [mailto:mposolda@redhat.com]
<br>
<b>Sent:</b> Friday, December 12, 2014 6:56 AM<br>
<b>To:</b> Schneider, John DODGE CONSULTING SERVICES, LLC; keycloak-user@lists.jboss.org<br>
<b>Subject:</b> [External] Re: [keycloak-user] 1.1 Beta2 in Wildfly cluster<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Are you using shared database among both cluster nodes? Also when you start node1 and then start node2, you should see some message similar to this in the log of node1, which indicates that cluster nodes are connected:<br>
<br>
wfnode_1 | 11:28:30,888 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (Incoming-1,shared=udp) ISPN000094: Received new cluster view: [wfnode1/web|1] (2) [wfnode1/web, wfnode2/web]<br>
wfnode_1 | 11:28:33,767 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (Incoming-10,shared=udp) ISPN000094: Received new cluster view: [wfnode1/keycloak|1] (2) [wfnode1/keycloak, wfnode2/keycloak]<br>
<br>
<br>
<br>
For more logging of which provider is used by keycloak-server.json, you can enable DEBUG logging for keycloak in standalone-full.xml (or domain.xml or whatever you are using):<br>
<br>
<logger category="org.keycloak"><br>
<level name="DEBUG"/><br>
</logger><br>
<br>
Also I think that editing file <code><span style="font-size:10.0pt">standalone/configuration/keycloak-server.json is just for standalone, but probably doesn't work for wildfly domain.</span></code><span style="font-size:10.0pt;font-family:"Courier New""><br>
<br>
</span><br>
Maybe you can first try if cluster works in standalone configuration. If it helps, we can figure the domain later.<br>
<br>
Marek<br>
<br>
On 10.12.2014 00:57, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Hi,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Correction, I *<b>thought</b>* everything was running in Wildfly domain mode. It turns out I just got lucky by hitting the same server node in my initial test. After a reboot and further testing today, I’m
not able to login to the Keycloak admin console when both nodes in my cluster are running. After attempting login, I am either taken back to a blank login page, or I see error “</span>Unknown code, please login again through your application.<span style="color:#1F497D">”
Once in awhile, I can login without error. I should note that I’m using an Apache reverse proxy via mod_cluster.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I see no errors in the server logs. I do see message “JBAS010281: Started <x> cache from keycloak container” for each of “realms”, “sessions”, “loginFailures”, “users”. So, it looks like my domain config is
working. However, I can’t tell for sure that Keycloak is attempting to use the infinispan caches. Some additional log output showing the values from keycloak-server.json would be helpful. I used the CLI to upload “/profile=full-ha/subsystem=keycloak/auth-server=keycloak-1/:update-server-config(bytes-to-upload=/usr/local/wildfly/domain/configuration/keycloak-server.json~,overwrite=true)”
The response was “success” and then I restarted Wildfly on both nodes in the cluster.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Has anyone been able to get Keycloak 1.1 Beta 2 working in a wildfly domain, and using mod_cluster? If so, could you please provide guidance?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">John</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Schneider, John DODGE CONSULTING SERVICES, LLC
<br>
<b>Sent:</b> Monday, December 08, 2014 6:43 PM<br>
<b>To:</b> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> 1.1 documentation update for running in domain HA mode</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Hi guys,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Thanks so much for getting clustering support working in 1.1. I have it up and running well in a Wildfly 8 domain setup under the “full-ha” profile. One thing that I was pulling my hair out about for a while today were some errors related
to Infinispan config. I figured out that if running in HA cluster, you must include the “transport” element under the cache-container config (i.e. <transport lock-timeout=”60000” />). It would be great if you could update Chapter 23 of the documentation
to reflect this requirement.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Thanks, <o:p></o:p></p>
<p class="MsoNormal">John<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>keycloak-user mailing list<o:p></o:p></pre>
<pre><a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><o:p></o:p></pre>
<pre><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><o:p> </o:p></span></p>
</div>
</body>
</html>