<div dir="ltr"><div>It sounds like you have an issue with the Infinispan configuration. There's a few threads in the mailing list about setting up clustering on AWS.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 23 May 2016 at 14:49, Riedel, Sven <span dir="ltr"><<a href="mailto:Sven.Riedel@glomex.com" target="_blank">Sven.Riedel@glomex.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
after enabling sticky sessions on the loadbalancer, the login works.<br>
Cranking up the logs to "debug" told me that the "RestartLoginCookies<br>
client session does not match the code's clientSession".<br>
<br>
The phrasing leads me to believe that the session was not shared in the<br>
infinispans cache among the nodes. I'll still need to figure out if the<br>
cache distribution per se isn't working, or if this was a special case for<br>
commandline generated users.<br>
<br>
Regards,<br>
Sven<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
Am 2016-05-23 12:59 schrieb "Riedel, Sven" unter <<a href="mailto:Sven.Riedel@glomex.com">Sven.Riedel@glomex.com</a>>:<br>
<br>
>Hi,<br>
>I'm set up keycloak 1.9.4final on AWS as an HA-cluster using JDBC-Ping for<br>
>infinispan group management behind an load balancer.<br>
>Now, when I create a user with the bin/add-user-keycloak.sh script and<br>
>restart keycloak on the respektive instance, I get the message "You took<br>
>too long to login. Login process starting from beginning." on my first try<br>
>to login with the newly created account. On my second try, I just get "An<br>
>error occurred, please login again through your application."<br>
><br>
>From what I can see, the account is successfully being created in the<br>
>database. The login attempts happen within one minute of restarting the<br>
>keycloak service. In the console log I can see the message<br>
>"type=LOGIN_ERROR, realmId=master, clientId=null, userId=null,<br>
>ipAddress=a.b.c.d, error=expired_code, restart_after_timeout=true" on the<br>
>first attempt and "type=LOGIN_ERROR, realmId=master, clientId=null,<br>
>userId=null, ipAddress=a.b.c.d, error=invalid_code" on the second attempt.<br>
><br>
>I'm a bit at a loss as to how to proceed, to get the admin user set up<br>
>properly and get the login to work. Any pointers would be appreciated.<br>
><br>
>Regards,<br>
>Sven<br>
><br>
><br>
>--<br>
>Sven Riedel<br>
>Senior Systemsarchitect<br>
><br>
>glomex GmbH<br>
>Ein Unternehmen der ProSiebenSat.1 Media SE<br>
><br>
>Medienallee 4<br>
>D-85774 Unterföhring<br>
>Tel. <a href="tel:%2B49%20%5B89%5D%209507-8167" value="+498995078167">+49 [89] 9507-8167</a><br>
><a href="mailto:sven.riedel@glomex.com">sven.riedel@glomex.com</a><br>
><br>
>Geschäftsführer: Michael Jaschke, Arnd Mückenberger<br>
>HRB 224542 AG München<br>
>USt.-ID.-Nr. DE 218559421<br>
>St.-Nr. <a href="tel:143%2F141%2F71293" value="+14314171293">143/141/71293</a><br>
><br>
><br>
><br>
><br>
<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div></div></blockquote></div><br></div>