<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_1_1422373808980_17482"><span></span></div><div id="yui_3_16_0_1_1422373808980_17522">Hi Marek - Need some more help from you. I have a cluster of two nodes now and I see the below message on both the nodes after I utilized tcp instead of udp.</div><blockquote type="cite" id="yui_3_16_0_1_1422373808980_17500" style="font-size: 16.3636360168457px;" class=""><div id="yui_3_16_0_1_1422373808980_17499" style="font-size: 16px;" class=""><div id="yiv1594198931yui_3_16_0_1_1421668961517_2535" style="font-size: 16px;" class=""><div id="yiv1594198931yui_3_16_0_1_1421668961517_2534" style="font-size: 16px;" class=""><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2560" style=""><div id="yiv1594198931" class="" style=""><div id="yiv1594198931yui_3_16_0_1_1421668961517_2559" class="" style=""><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2558" style="">Received new cluster view: [node1/keycloak|1] (2) [node1/keycloak, node2/keycloak]</div><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2558" style=""><br></div><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2558" style="" dir="ltr">While testing the SAML IDP functionality using Spring SAML as service provider, I noticed that the session information on one node was not getting replicated on the second one (after successfully logging in with 1st node, I took it down and the second node redirected me to login page instead of picking up from where the first one left off)<br></div><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2558" style="" dir="ltr"><br></div><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2558" style="" dir="ltr">Tried to increase logging for INFINISPAN and JGroups in standalone.xml but didn't see any change in logs. Any suggestions on how I can figure out what is happening?</div><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2558" style="" dir="ltr"><br></div><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2558" style="" dir="ltr">Thanks,</div><div class="" id="yiv1594198931yui_3_16_0_1_1421668961517_2558" style="" dir="ltr">Raghu</div></div></div></div></div></div></div></blockquote> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_1_1422373808980_17485"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_1_1422373808980_17484"> <div dir="ltr" id="yui_3_16_0_1_1422373808980_17483"> <hr size="1" id="yui_3_16_0_1_1422373808980_17511"> <font size="2" face="Arial" id="yui_3_16_0_1_1422373808980_17486"> <b><span style="font-weight:bold;">From:</span></b> Raghu Prabhala <prabhalar@yahoo.com><br> <b><span style="font-weight: bold;">To:</span></b> Marek Posolda <mposolda@redhat.com> <br><b><span style="font-weight: bold;">Cc:</span></b> Keycloak-user <keycloak-user@lists.jboss.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Friday, January 23, 2015 2:19 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [keycloak-user] Keycloak Clustering Issues<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_1_1422373808980_17487"><br><div id="yiv1594198931"><div id="yui_3_16_0_1_1422373808980_17489"><div id="yui_3_16_0_1_1422373808980_17488">Figured out the issue. Udp communication was not allowed. So switched to "tcp". Updated the Jira 979 with the settings for tcp. Please update your documentation so that it can benefit others <br clear="none"><br clear="none">Sent from my iPhone</div><div class="qtdSeparateBR"><br><br></div><div class="yiv1594198931yqt9673161606" id="yiv1594198931yqt52494"><div><br clear="none">On Jan 19, 2015, at 11:02 AM, Marek Posolda <<a rel="nofollow" shape="rect" ymailto="mailto:mposolda@redhat.com" target="_blank" href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>> wrote:<br clear="none"><br clear="none"></div><blockquote type="cite"><div>
</div></blockquote></div></div><div class="yiv1594198931yqt9673161606" id="yiv1594198931yqt92689"><div id="yui_3_16_0_1_1422373808980_17498"><div class="yiv1594198931moz-cite-prefix" id="yui_3_16_0_1_1422373808980_17497">oops, sorry. The server-info page was
added recently and it's not in 1.1.Beta2. It would be available in
1.1.0.Final (or alternative is to build keycloak from master).
Anyway, if you enable debug logging for
org.keycloak.services.DefaultKeycloakSessionFactory you should see
in server.log which providers are used and hence you should see
'infinispan' for realmCache, userCache and userSessions.<br clear="none">
<br clear="none">
We also recently added "Troubleshooting" page to clustering docs,
which might help you to figure out what ports are needed
<a rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-freetext" target="_blank" href="https://github.com/keycloak/keycloak/blob/master/docbook/reference/en/en-US/modules/clustering.xml#L222" id="yui_3_16_0_1_1422373808980_17496">https://github.com/keycloak/keycloak/blob/master/docbook/reference/en/en-US/modules/clustering.xml#L222</a>
. You can try to temporarily disable firewall and see if it helps
with cluster communication. Then you can figure more accurately
which ports you need to open.<br clear="none">
<br clear="none">
But generally we rely on infinispan/jgroups for cluster, so more
info about cluster config and switch between udp/tcp should be
available in their docs.<br clear="none">
<br clear="none">
Marek<br clear="none">
<br clear="none">
On 19.1.2015 13:32, prab rrrr wrote:<br clear="none">
</div>
<blockquote type="cite" id="yui_3_16_0_1_1422373808980_17500">
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;" id="yui_3_16_0_1_1422373808980_17499">
<div><span></span></div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2548">Hi Marek -
Thanks for the below pointers. I believe my setup is good but
probably the udp communication is blocked in my organization
as I do not see the specific log you mentioned. Here are some
of the log messages I see:</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2596"><br clear="none">
</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2597">Starting
JGroups channel</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2598">Received new
cluster view ... node 1 (no information about node2)<br clear="none">
</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2754">I will look
at JGroups documentation to have the communication setup using
tcp on a different port. Hopefully that would address the
problem.</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2764"><br clear="none">
</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2765">I tried out
the url you provided to verify the setup but it doesn't work -
checked on two different setups. fyi - I am using 1.1Beta2
version.</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2766"><br clear="none">
</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2767">Regards,</div>
<div dir="ltr">Raghu</div>
<div id="yiv1594198931yui_3_16_0_1_1421668961517_2535" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;">
<div id="yiv1594198931yui_3_16_0_1_1421668961517_2534" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;">
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421668961517_2533">
<hr id="yiv1594198931yui_3_16_0_1_1421668961517_2739" size="1"> <font id="yiv1594198931yui_3_16_0_1_1421668961517_2532" face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b>
Marek Posolda <a rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-rfc2396E" ymailto="mailto:mposolda@redhat.com" target="_blank" href="mailto:mposolda@redhat.com"><mposolda@redhat.com></a><br clear="none">
<b><span style="font-weight:bold;">To:</span></b> prab
rrrr <a rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-rfc2396E" ymailto="mailto:prabhalar@yahoo.com" target="_blank" href="mailto:prabhalar@yahoo.com"><prabhalar@yahoo.com></a>; Keycloak-user
<a rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-rfc2396E" ymailto="mailto:keycloak-user@lists.jboss.org" target="_blank" href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a> <br clear="none">
<b><span style="font-weight:bold;">Sent:</span></b>
Monday, January 19, 2015 6:09 AM<br clear="none">
<b><span style="font-weight:bold;">Subject:</span></b>
Re: [keycloak-user] Keycloak Clustering Issues<br clear="none">
</font> </div>
<div class="yiv1594198931y_msg_container" id="yiv1594198931yui_3_16_0_1_1421668961517_2560"><br clear="none">
<div id="yiv1594198931">
<div id="yiv1594198931yui_3_16_0_1_1421668961517_2559">
<div class="yiv1594198931moz-cite-prefix" id="yiv1594198931yui_3_16_0_1_1421668961517_2558">That's quite
strange. I've just tested same scenario and works
fine for me. If you do any change on user, the user
is invalidated from cache on node-1 and this change
about invalidation should be propagated to node-2 .
As long as you have shared database, node-2 should
then retrieve newest data about shared user from
database. <br clear="none">
<br clear="none">
I would suggest to try this:<br clear="none">
<br clear="none">
* Make sure that your infinispan cluster is
correctly set. You can check it by seeing the
message similar to this in server.log of both nodes:
node_1 | 10:49:50,344 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-10,shared=udp) ISPN000094: Received new
cluster view: [node1/keycloak|1] (2)
[node1/keycloak, node2/keycloak]<br clear="none">
<br clear="none">
* Make sure that you enable "infinispan" as provider
of realmCache and userCache and configured
connectionsInfinispan . When you open admin console
on any node like: <a rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-freetext" id="yiv1594198931yui_3_16_0_1_1421668961517_2599" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://localhost:8080/auth/admin/master/console/index.html#/server-info">http://node-1:8080/auth/admin/master/console/index.html#/server-info</a><br clear="none">
<br clear="none">
you should see:<br clear="none">
connectionsInfinispan default<br clear="none">
realmCache infinispan<br clear="none">
userCache infinispan<br clear="none">
userSessions infinispan<br clear="none">
<br clear="none">
* If still seeing issues, you can try to enable
trace logging for
"org.keycloak.models.cache.infinispan" category.<br clear="none">
<br clear="none">
Hope this helps,<br clear="none">
Marek<br clear="none">
<br clear="none">
<br clear="none">
On 17.1.2015 04:32, prab rrrr wrote:<br clear="none">
</div>
<blockquote id="yiv1594198931yui_3_16_0_1_1421668961517_2713" type="cite">
<div class="yiv1594198931qtdSeparateBR"><br clear="none">
<br clear="none">
</div>
<div class="yiv1594198931yqt9566109160" id="yiv1594198931yqt12189">
<div id="yiv1594198931yui_3_16_0_1_1421668961517_2712" style="color:rgb(0, 0, 0);font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;background-color:rgb(255, 255, 255);">
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421464230104_2309"> Anyone noticed any issues with
Infinispan? I saw a weird issue. After setting
up a cluster with two nodes, made some changes
on node-1 (created a user and changed the
first name). While the user appeared on
node-2, the change to the first name didn't
make it. Restarting the node-2 didn't help
either. Wondering if Infinispan is preventing
all the changes to be picked up from database.
If so, what settings would ensure that the
data is consistent between the nodes?</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421464230104_2333"><br clear="none">
</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421464230104_2334">Thanks,</div>
<div dir="ltr" id="yiv1594198931yui_3_16_0_1_1421464230104_2335">Raghu</div>
</div>
</div>
<br clear="none">
<fieldset class="yiv1594198931mimeAttachmentHeader"></fieldset>
<br clear="none">
<pre>_______________________________________________
keycloak-user mailing list
<a rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-abbreviated" ymailto="mailto:keycloak-user@lists.jboss.org" target="_blank" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-freetext" target="_blank" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br clear="none">
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</blockquote>
<br clear="none">
</div></div></div><br><br></div> </div> </div> </div></body></html>