I just wrote that I configured clustering for my application just like
in the standlone-ha.xml of my Wildfly 10 CR4.
I configured the jgroups subsystem and the distributed caches for web
sessions as it is done in standalone-ha.xml of Wildfly.
If there is anything else that should be configured, can you please
point me to that configuration option?
Regards,
Christian
Am 25.01.2016 um 15:45 schrieb Stian Thorgersen:
HTTP session replicate is not enabled by default. You need to enable
it for your application.
On 25 January 2016 at 14:39, Christian Beikov
<christian.beikov(a)gmail.com <mailto:christian.beikov@gmail.com>> wrote:
The documentation states, that the default token-store is
"session" and as I wrote before, I have setup clustering on my
Wildfly 10 CR4 like in standalone-ha.xml, so the session should
already be replicated.
Regards,
Christian
Am 25.01.2016 um 14:20 schrieb Stian Thorgersen:
> Your issue doesn't have anything to do with the Keycloak server
> side user sessions, they don't require sticky sessions.
>
> Your issue is down to the http session on the adapter side not
> being replicated by default. For the adapter you've got 3
> choices: sticky session, replicated session or stateless. Which
> is best depends on your application.
>
>
> On 25 January 2016 at 14:05, Christian Beikov
> <christian.beikov(a)gmail.com <mailto:christian.beikov@gmail.com>>
> wrote:
>
> I don't have a problem with sticky sessions and I will
> definitively configure them, but I am curious. What is the
> reason for the problems with round robin in this test
> scenario? Are the infinispan caches not replicated fast
> enough or is there an implementation limitation in the adapters?
>
>
> Regards,
> Christian
>
>
> Am 25.01.2016 um 08:58 schrieb Stian Thorgersen:
>> By default the adapters will require sticky sessions, please
>> refer to
>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/application...
>> for more information
>>
>> On 22 January 2016 at 12:48, Christian Beikov
>> <christian.beikov(a)gmail.com
>> <mailto:christian.beikov@gmail.com>> wrote:
>>
>> Hello,
>>
>> I am running some tests with my application cluster
>> being secured by a
>> single keycloak server instance and I encountered
>> problems with the adapter.
>>
>> My application cluster contains 2 nodes and is load
>> balanced by nginx.
>> For testing purposes, I enabled round robin load
>> balancing which is
>> probably the "cause" for my issues.
>>
>> When I access a secured page, I get redirected to
>> keycloak and
>> everything is fine. When I then login, and keycloak
>> redirects me back to
>> the application, I get to a different application
>> cluster node because
>> of round robin. On that node, apparently the initial
>> information of the
>> client session is not available and I get redirected to
>> keycloak login
>> page again. Then keycloak redirects me back to the
>> application, this
>> time to the original node, and says that access is
>> forbidden.
>>
>> I suppose the web session caches are not in sync but I
>> just used the
>> default cache containers as they are defined in
>> standalone-ha.xml of my
>> Wildlfy 10 CR4. Clustering with jgroups works, as I use
>> other
>> distributed caches too which work just fine.
>>
>> We are using Keycloak 1.8.0.CR2 on a Wildfly 10 CR4
>>
>> Regards,
>> Christian
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> <mailto:keycloak-dev@lists.jboss.org>
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>
>