<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">If you enable debug logging for
"org.keycloak.services.DefaultKeycloakSessionFactory" you should
see in server log which providers are used? You should see
"infinispan" for userSessions, realmCache and userCache providers.
Am I understand correctly that you're using loadbalancer and
keycloak servers are behind it?<br>
<br>
Marek<br>
<br>
On 28.1.2015 02:33, Raghu Prabhala wrote:<br>
</div>
<blockquote
cite="mid:1546120285.939822.1422408837116.JavaMail.yahoo@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif;font-size:16px">
<div id="yui_3_16_0_1_1422373808980_17482"><span></span></div>
<div id="yui_3_16_0_1_1422373808980_17522">Hi Marek - Need some
more help from you. I have a cluster of two nodes now and I
see the below message on both the nodes after I utilized tcp
instead of udp.</div>
<blockquote type="cite" id="yui_3_16_0_1_1422373808980_17500"
style="font-size: 16.3636360168457px;" class="">
<div id="yui_3_16_0_1_1422373808980_17499" style="font-size:
16px;" class="">
<div id="yiv1594198931yui_3_16_0_1_1421668961517_2535"
style="font-size: 16px;" class="">
<div id="yiv1594198931yui_3_16_0_1_1421668961517_2534"
style="font-size: 16px;" class="">
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2560"
style="">
<div id="yiv1594198931" class="" style="">
<div
id="yiv1594198931yui_3_16_0_1_1421668961517_2559"
class="" style="">
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2558"
style="">Received new cluster view:
[node1/keycloak|1] (2) [node1/keycloak,
node2/keycloak]</div>
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2558"
style=""><br>
</div>
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2558"
style="" dir="ltr">While testing the SAML IDP
functionality using Spring SAML as service
provider, I noticed that the session information
on one node was not getting replicated on the
second one (after successfully logging in with
1st node, I took it down and the second node
redirected me to login page instead of picking
up from where the first one left off)<br>
</div>
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2558"
style="" dir="ltr"><br>
</div>
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2558"
style="" dir="ltr">Tried to increase logging for
INFINISPAN and JGroups in standalone.xml but
didn't see any change in logs. Any suggestions
on how I can figure out what is happening?</div>
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2558"
style="" dir="ltr"><br>
</div>
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2558"
style="" dir="ltr">Thanks,</div>
<div class=""
id="yiv1594198931yui_3_16_0_1_1421668961517_2558"
style="" dir="ltr">Raghu</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"
id="yui_3_16_0_1_1422373808980_17485">
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;" id="yui_3_16_0_1_1422373808980_17484">
<div dir="ltr" id="yui_3_16_0_1_1422373808980_17483">
<hr id="yui_3_16_0_1_1422373808980_17511" size="1"> <font
id="yui_3_16_0_1_1422373808980_17486" face="Arial"
size="2"> <b><span style="font-weight:bold;">From:</span></b>
Raghu Prabhala <a class="moz-txt-link-rfc2396E" href="mailto:prabhalar@yahoo.com"><prabhalar@yahoo.com></a><br>
<b><span style="font-weight: bold;">To:</span></b> Marek
Posolda <a class="moz-txt-link-rfc2396E" href="mailto:mposolda@redhat.com"><mposolda@redhat.com></a> <br>
<b><span style="font-weight: bold;">Cc:</span></b>
Keycloak-user <a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a> <br>
<b><span style="font-weight: bold;">Sent:</span></b>
Friday, January 23, 2015 2:19 PM<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [keycloak-user] Keycloak Clustering Issues<br>
</font> </div>
<div class="y_msg_container"
id="yui_3_16_0_1_1422373808980_17487"><br>
<div id="yiv1594198931">
<div id="yui_3_16_0_1_1422373808980_17489">
<div id="yui_3_16_0_1_1422373808980_17488">Figured out
the issue. Udp communication was not allowed. So
switched to "tcp". Updated the Jira 979 with the
settings for tcp. Please update your documentation
so that it can benefit others <br clear="none">
<br clear="none">
Sent from my iPhone</div>
<div class="qtdSeparateBR"><br>
<br>
</div>
<div class="yiv1594198931yqt9673161606"
id="yiv1594198931yqt52494">
<div><br clear="none">
On Jan 19, 2015, at 11:02 AM, Marek Posolda <<a
moz-do-not-send="true" rel="nofollow"
shape="rect"
ymailto="mailto:mposolda@redhat.com"
target="_blank"
href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>>
wrote:<br clear="none">
<br clear="none">
</div>
<blockquote type="cite">
<div> </div>
</blockquote>
</div>
</div>
<div class="yiv1594198931yqt9673161606"
id="yiv1594198931yqt92689">
<div id="yui_3_16_0_1_1422373808980_17498">
<div class="yiv1594198931moz-cite-prefix"
id="yui_3_16_0_1_1422373808980_17497">oops, sorry.
The server-info page was added recently and it's
not in 1.1.Beta2. It would be available in
1.1.0.Final (or alternative is to build keycloak
from master). Anyway, if you enable debug logging
for
org.keycloak.services.DefaultKeycloakSessionFactory
you should see in server.log which providers are
used and hence you should see 'infinispan' for
realmCache, userCache and userSessions.<br
clear="none">
<br clear="none">
We also recently added "Troubleshooting" page to
clustering docs, which might help you to figure
out what ports are needed <a
moz-do-not-send="true" rel="nofollow"
shape="rect"
class="yiv1594198931moz-txt-link-freetext"
target="_blank"
href="https://github.com/keycloak/keycloak/blob/master/docbook/reference/en/en-US/modules/clustering.xml#L222"
id="yui_3_16_0_1_1422373808980_17496">https://github.com/keycloak/keycloak/blob/master/docbook/reference/en/en-US/modules/clustering.xml#L222</a>
. You can try to temporarily disable firewall and
see if it helps with cluster communication. Then
you can figure more accurately which ports you
need to open.<br clear="none">
<br clear="none">
But generally we rely on infinispan/jgroups for
cluster, so more info about cluster config and
switch between udp/tcp should be available in
their docs.<br clear="none">
<br clear="none">
Marek<br clear="none">
<br clear="none">
On 19.1.2015 13:32, prab rrrr wrote:<br
clear="none">
</div>
<blockquote type="cite"
id="yui_3_16_0_1_1422373808980_17500">
<div
style="color:#000;background-color:#fff;font-family:HelveticaNeue,
Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:16px;"
id="yui_3_16_0_1_1422373808980_17499">
<div><span></span></div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2548">Hi
Marek - Thanks for the below pointers. I
believe my setup is good but probably the udp
communication is blocked in my organization as
I do not see the specific log you mentioned.
Here are some of the log messages I see:</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2596"><br
clear="none">
</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2597">Starting
JGroups channel</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2598">Received
new cluster view ... node 1 (no
information about node2)<br clear="none">
</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2754">I
will look at JGroups documentation to have the
communication setup using tcp on a different
port. Hopefully that would address the
problem.</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2764"><br
clear="none">
</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2765">I
tried out the url you provided to verify the
setup but it doesn't work - checked on two
different setups. fyi - I am using 1.1Beta2
version.</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2766"><br
clear="none">
</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2767">Regards,</div>
<div dir="ltr">Raghu</div>
<div
id="yiv1594198931yui_3_16_0_1_1421668961517_2535"
style="font-family:HelveticaNeue, Helvetica
Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:16px;">
<div
id="yiv1594198931yui_3_16_0_1_1421668961517_2534"
style="font-family:HelveticaNeue, Helvetica
Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:16px;">
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421668961517_2533">
<hr
id="yiv1594198931yui_3_16_0_1_1421668961517_2739"
size="1"> <font
id="yiv1594198931yui_3_16_0_1_1421668961517_2532"
face="Arial" size="2"> <b><span
style="font-weight:bold;">From:</span></b>
Marek Posolda <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1594198931moz-txt-link-rfc2396E"
ymailto="mailto:mposolda@redhat.com"
target="_blank"
href="mailto:mposolda@redhat.com"><mposolda@redhat.com></a><br
clear="none">
<b><span style="font-weight:bold;">To:</span></b>
prab rrrr <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1594198931moz-txt-link-rfc2396E"
ymailto="mailto:prabhalar@yahoo.com"
target="_blank"
href="mailto:prabhalar@yahoo.com"><prabhalar@yahoo.com></a>;
Keycloak-user <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1594198931moz-txt-link-rfc2396E"
ymailto="mailto:keycloak-user@lists.jboss.org" target="_blank"
href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a>
<br clear="none">
<b><span style="font-weight:bold;">Sent:</span></b>
Monday, January 19, 2015 6:09 AM<br
clear="none">
<b><span style="font-weight:bold;">Subject:</span></b>
Re: [keycloak-user] Keycloak Clustering
Issues<br clear="none">
</font> </div>
<div class="yiv1594198931y_msg_container"
id="yiv1594198931yui_3_16_0_1_1421668961517_2560"><br
clear="none">
<div id="yiv1594198931">
<div
id="yiv1594198931yui_3_16_0_1_1421668961517_2559">
<div
class="yiv1594198931moz-cite-prefix"
id="yiv1594198931yui_3_16_0_1_1421668961517_2558">That's quite strange.
I've just tested same scenario and
works fine for me. If you do any
change on user, the user is
invalidated from cache on node-1 and
this change about invalidation
should be propagated to node-2 . As
long as you have shared database,
node-2 should then retrieve newest
data about shared user from
database. <br clear="none">
<br clear="none">
I would suggest to try this:<br
clear="none">
<br clear="none">
* Make sure that your infinispan
cluster is correctly set. You can
check it by seeing the message
similar to this in server.log of
both nodes: node_1 | 10:49:50,344
INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-10,shared=udp) ISPN000094:
Received new cluster view:
[node1/keycloak|1] (2)
[node1/keycloak, node2/keycloak]<br
clear="none">
<br clear="none">
* Make sure that you enable
"infinispan" as provider of
realmCache and userCache and
configured connectionsInfinispan .
When you open admin console on any
node like: <a
moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv1594198931moz-txt-link-freetext"
id="yiv1594198931yui_3_16_0_1_1421668961517_2599" target="_blank"
onclick="return
theMainWindow.showLinkWarning(this)"
href="http://localhost:8080/auth/admin/master/console/index.html#/server-info">http://node-1:8080/auth/admin/master/console/index.html#/server-info</a><br
clear="none">
<br clear="none">
you should see:<br clear="none">
connectionsInfinispan default<br
clear="none">
realmCache infinispan<br
clear="none">
userCache infinispan<br clear="none">
userSessions infinispan<br
clear="none">
<br clear="none">
* If still seeing issues, you can
try to enable trace logging for
"org.keycloak.models.cache.infinispan"
category.<br clear="none">
<br clear="none">
Hope this helps,<br clear="none">
Marek<br clear="none">
<br clear="none">
<br clear="none">
On 17.1.2015 04:32, prab rrrr wrote:<br
clear="none">
</div>
<blockquote
id="yiv1594198931yui_3_16_0_1_1421668961517_2713"
type="cite">
<div
class="yiv1594198931qtdSeparateBR"><br
clear="none">
<br clear="none">
</div>
<div
class="yiv1594198931yqt9566109160"
id="yiv1594198931yqt12189">
<div
id="yiv1594198931yui_3_16_0_1_1421668961517_2712"
style="color:rgb(0, 0,
0);font-family:HelveticaNeue,
Helvetica Neue, Helvetica,
Arial, Lucida Grande,
sans-serif;font-size:16px;background-color:rgb(255,
255, 255);">
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421464230104_2309">
Anyone noticed any issues with
Infinispan? I saw a weird
issue. After setting up a
cluster with two nodes, made
some changes on node-1
(created a user and changed
the first name). While the
user appeared on node-2, the
change to the first name
didn't make it. Restarting the
node-2 didn't help either.
Wondering if Infinispan is
preventing all the changes to
be picked up from database. If
so, what settings would ensure
that the data is consistent
between the nodes?</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421464230104_2333"><br
clear="none">
</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421464230104_2334">Thanks,</div>
<div dir="ltr"
id="yiv1594198931yui_3_16_0_1_1421464230104_2335">Raghu</div>
</div>
</div>
<br clear="none">
<fieldset
class="yiv1594198931mimeAttachmentHeader"></fieldset>
<br clear="none">
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-abbreviated" ymailto="mailto:keycloak-user@lists.jboss.org" target="_blank" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv1594198931moz-txt-link-freetext" target="_blank" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br clear="none">
</div>
</div>
<br clear="none">
<br clear="none">
</div>
</div>
</div>
</div>
</blockquote>
<br clear="none">
</div>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>