Thanks for the detailed description. Still, It seems in
case of Clustered Resource environment (distributable
without Sticky sessions) we are relying on session
replication to happen immediately between CODE_TO_TOKEN and
Resource Hit(302), which may or
may not happen. We are now facing the same issue where After
CODE_TO_TOKEN client is redirected to Login URL again.
Are we addressing this scenario with 1.1.0 Final ?
Thanks
Bappaditya Gorai
-----Original Message-----
From: Marek Posolda [
mailto:mposolda@redhat.com]
Sent: Monday, February 02, 2015 2:00 PM
To: Bappaditya Gorai (bgorai); Stian Thorgersen
Cc:
keycloak-dev@lists.jboss.org
Subject: Re: [keycloak-dev] Facing Issue with Resource
Server in Clustered Environment
Hi,
it's not stateless by default. Data about keycloak
authenticated principal are saved in HTTP session by default
and can be replicated across cluster nodes (replication
works as long as your application is marked as
"distributable" in web.xml).
However we support stateless adapter, which won't save
anything in HTTP Session and won't create HTTP session and
JSESSIONID cookie at all (unless you're calling
httpRequest.getSession() in your own application). Instead
all the data are saved in cookie.
Some more info in docs:
Marek
On 30.1.2015 11:26, Bappaditya Gorai (bgorai) wrote:
> Thanks for clarifying. So, I think adapter has
become stateless in 1.1.0.Final. Is my understanding
correct?
>
>
> -----Original Message-----
> Sent: Friday, January 30, 2015 1:18 PM
> To: Bappaditya Gorai (bgorai)
> Subject: Re: [keycloak-dev] Facing Issue with
Resource Server in
> Clustered Environment
>
>
>
> ----- Original Message -----
>> Sent: Friday, 30 January, 2015 8:38:49 AM
>> Subject: RE: [keycloak-dev] Facing Issue with
Resource Server in Clustered Environment
>>
>> We are not talking about clustering for Keycloak
server. The setup is
>> for Resource Server (Keycloak Adapter) in
clustered environment.
> Same answer
>
>> Thanks
>> Bappaditya Gorai
>>
>> -----Original Message-----
>> Sent: Friday, January 30, 2015 12:57 PM
>> To: Bappaditya Gorai (bgorai)
>> Subject: Re: [keycloak-dev] Facing Issue with
Resource Server in
>> Clustered Environment
>>
>> 1.0.4.Final had very limited support for
clustering, please upgrade
>> to 1.1.0.Final and refer to chapter 24 and 25 in
the documentation
>>
>> ----- Original Message -----
>>> Sent: Friday, 30 January, 2015 8:22:26 AM
>>> Subject: [keycloak-dev] Facing Issue with
Resource Server in Clustered
>>> Environment
>>>
>>>
>>>
>>> Hi Team,
>>>
>>> Please find the details on setup and
observation below. Please
>>> provide your suggestion on how to overcome
this issue. We are using
>>> Keycloak 1.0.4.Final (Adapter & Server).
>>>
>>>
>>>
>>>
>>>
>>> Setup:
>>>
>>> 1. We have brought up Jboss cluster ( Using
mod_cluster, httpd )
>>> with
>>> 2 nodes in domain mode and enabled session
replication between these nodes.
>>>
>>> 2. Our Recourse server is deployed in this
clustered environment
>>> with distributable and Sticky session Off.
>>>
>>>
>>>
>>> Behavior observed :
>>>
>>> During the Authorization/Authentication
process ,when Initial
>>> call(Resource
>>> Access) lands on master and next redirection
(post Code To token)
>>> falls on slave Adapter is treating it as a
new session and
>>> redirecting to login URL again. So we ended
up with circular redirection error.
>>> After further investigation seems like
session replication delay is
>>> causing adapter to behave this way. As the
redirection call happens
>>> very quickly and this results in circular
redirection error.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> NOTE: Sticky Session in mod_cluster
environment solves the issue but
>>> it does not provide true load balancing.
Therefore we are not
>>> considering Stick session option.
>>>
>>>
>>>
>>>
>>>
>>> Thanks
>>>
>>> Bappaditya Gorai
>>>
>>>
_______________________________________________
>>> keycloak-dev mailing list
> _______________________________________________
> keycloak-dev mailing list