Try google for wildfly replicate http sessions
On 25 January 2016 at 15:53, Christian Beikov <christian.beikov(a)gmail.com>
wrote:
I just wrote that I configured clustering for my application just
like in
the standlone-ha.xml of my Wildfly 10 CR4.
I configured the jgroups subsystem and the distributed caches for web
sessions as it is done in standalone-ha.xml of Wildfly.
If there is anything else that should be configured, can you please point
me to that configuration option?
Regards,
Christian
Am 25.01.2016 um 15:45 schrieb Stian Thorgersen:
HTTP session replicate is not enabled by default. You need to enable it
for your application.
On 25 January 2016 at 14:39, Christian Beikov <christian.beikov(a)gmail.com>
wrote:
> The documentation states, that the default token-store is "session" and
> as I wrote before, I have setup clustering on my Wildfly 10 CR4 like in
> standalone-ha.xml, so the session should already be replicated.
>
> Regards,
> Christian
>
>
> Am 25.01.2016 um 14:20 schrieb Stian Thorgersen:
>
> Your issue doesn't have anything to do with the Keycloak server side user
> sessions, they don't require sticky sessions.
>
> Your issue is down to the http session on the adapter side not being
> replicated by default. For the adapter you've got 3 choices: sticky
> session, replicated session or stateless. Which is best depends on your
> application.
>
>
> On 25 January 2016 at 14:05, Christian Beikov <
> <christian.beikov@gmail.com>christian.beikov(a)gmail.com> wrote:
>
>> I don't have a problem with sticky sessions and I will definitively
>> configure them, but I am curious. What is the reason for the problems with
>> round robin in this test scenario? Are the infinispan caches not replicated
>> fast enough or is there an implementation limitation in the adapters?
>>
>
>> Regards,
>> Christian
>>
>>
>> Am 25.01.2016 um 08:58 schrieb Stian Thorgersen:
>>
>> By default the adapters will require sticky sessions, please refer to
>>
<
http://keycloak.github.io/docs/userguide/keycloak-server/html/application...
>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/application...
>> for more information
>>
>> On 22 January 2016 at 12:48, Christian Beikov <
>> <christian.beikov@gmail.com>christian.beikov(a)gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I am running some tests with my application cluster being secured by a
>>> single keycloak server instance and I encountered problems with the
>>> adapter.
>>>
>>> My application cluster contains 2 nodes and is load balanced by nginx.
>>> For testing purposes, I enabled round robin load balancing which is
>>> probably the "cause" for my issues.
>>>
>>> When I access a secured page, I get redirected to keycloak and
>>> everything is fine. When I then login, and keycloak redirects me back to
>>> the application, I get to a different application cluster node because
>>> of round robin. On that node, apparently the initial information of the
>>> client session is not available and I get redirected to keycloak login
>>> page again. Then keycloak redirects me back to the application, this
>>> time to the original node, and says that access is forbidden.
>>>
>>> I suppose the web session caches are not in sync but I just used the
>>> default cache containers as they are defined in standalone-ha.xml of my
>>> Wildlfy 10 CR4. Clustering with jgroups works, as I use other
>>> distributed caches too which work just fine.
>>>
>>> We are using Keycloak 1.8.0.CR2 on a Wildfly 10 CR4
>>>
>>> Regards,
>>> Christian
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> <keycloak-dev@lists.jboss.org>keycloak-dev(a)lists.jboss.org
>>> <
https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>
>>
>
>