HTTP session replicate is not enabled by default. You need to enable it for
your application.
On 25 January 2016 at 14:39, Christian Beikov <christian.beikov(a)gmail.com>
wrote:
The documentation states, that the default token-store is
"session" and as
I wrote before, I have setup clustering on my Wildfly 10 CR4 like in
standalone-ha.xml, so the session should already be replicated.
Regards,
Christian
Am 25.01.2016 um 14:20 schrieb Stian Thorgersen:
Your issue doesn't have anything to do with the Keycloak server side user
sessions, they don't require sticky sessions.
Your issue is down to the http session on the adapter side not being
replicated by default. For the adapter you've got 3 choices: sticky
session, replicated session or stateless. Which is best depends on your
application.
On 25 January 2016 at 14:05, Christian Beikov <
<christian.beikov@gmail.com>christian.beikov(a)gmail.com> wrote:
> I don't have a problem with sticky sessions and I will definitively
> configure them, but I am curious. What is the reason for the problems with
> round robin in this test scenario? Are the infinispan caches not replicated
> fast enough or is there an implementation limitation in the adapters?
>
> Regards,
> Christian
>
>
> Am 25.01.2016 um 08:58 schrieb Stian Thorgersen:
>
> By default the adapters will require sticky sessions, please refer to
>
<
http://keycloak.github.io/docs/userguide/keycloak-server/html/application...
>
http://keycloak.github.io/docs/userguide/keycloak-server/html/application...
> for more information
>
> On 22 January 2016 at 12:48, Christian Beikov <
> <christian.beikov@gmail.com>christian.beikov(a)gmail.com> wrote:
>
>> Hello,
>>
>> I am running some tests with my application cluster being secured by a
>> single keycloak server instance and I encountered problems with the
>> adapter.
>>
>> My application cluster contains 2 nodes and is load balanced by nginx.
>> For testing purposes, I enabled round robin load balancing which is
>> probably the "cause" for my issues.
>>
>> When I access a secured page, I get redirected to keycloak and
>> everything is fine. When I then login, and keycloak redirects me back to
>> the application, I get to a different application cluster node because
>> of round robin. On that node, apparently the initial information of the
>> client session is not available and I get redirected to keycloak login
>> page again. Then keycloak redirects me back to the application, this
>> time to the original node, and says that access is forbidden.
>>
>> I suppose the web session caches are not in sync but I just used the
>> default cache containers as they are defined in standalone-ha.xml of my
>> Wildlfy 10 CR4. Clustering with jgroups works, as I use other
>> distributed caches too which work just fine.
>>
>> We are using Keycloak 1.8.0.CR2 on a Wildfly 10 CR4
>>
>> Regards,
>> Christian
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
>