On 28/02/18 11:15, Shankar_Bhaskaran wrote:
We are running 2 standalone instances of keycloak with a shared database(later on a
clustered database) in active passive mode using haproxy as the loadbalancer . I had
tested some rest services by running the request again with the same bearer token with
the active keycloak server down and passive server now becomes active one and it still
Can we run 2 instances of keycloak in the standalone mode behind a proxy with a shared
database ? Or should we cluster it first using standlone-ha.xml configuration?
What features will be disabled if we use the former way of loadbalancing keycloak
suggest to always rather use clustered keycloak with standalone-ha.xml
and since you want failover support, increase number of owners to 2 for
One of the things, which won't work for the former setup (with
standalone instances) is the replication of user sessions. In other
words, userSession created on node1 won't be visible on node2. The
scenario you mentioned may work (EG. the REST endpoint triggered on
node2 will be able to successfully verify accessToken created on node1).
However access tokens are usually short lived and it is assumed that you
periodically "refresh" them (our adapters do refresh automatically). And
refreshing the token requires userSession to be present, so with the
former setup, it will fail as userSession created on node1 won't be
available on node2.
User session is one example. There are some other things, which won't
work. We never tried to test such setup and I wouldn't do it.
keycloak-dev mailing list