We had a bug
https://issues.jboss.org/browse/KEYCLOAK-2412 that there
are errors when sync of users from federationProvider is triggered
concurrently in more cluster nodes. This affects periodic sync as well.
To avoid concurrent executions of same task, I've added ClusterProvider.
This is based on infinispan and it provides some locking functionality
to ensures that sync from federation can be executed just by one cluster
node at a time. Even on single node (non-cluster setup), now you can't
trigger sync multiple times concurrently. So for example if there is
periodic sync in progress and you click in admin console on "Sync
users", the sync won't happen.
The same mechanism is now also used for scheduled tasks (Removing
expired user sessions and expired events). Nobody reported any bug yet,
however when removing of expired events/sessions is triggered
concurrently by more cluster nodes, it can be issue too. So this is now
avoided. Maybe we can improve even more and ensure that just cluster
coordinator will run scheduled tasks and other nodes will just ignore them?
ClusterProvider also adds possibility to register ClusterListener with
any task, that should be executed once notification from any cluster
node comes. This allows that when some federation provider is
created/updated/removed, then all nodes are aware of the change and will
immediately change (or remove) scheduled timer.
PR is here
https://github.com/keycloak/keycloak/pull/2234
Marek