The docs state that "By default there's nothing to prevent unauthorized nodes from joining the cluster and sending potentially malicious messages to the cluster." (http://keycloak.github.io/docs/userguide/keycloak-server/html/clustering.html)
Is this still the case if the jgroups stack in Wildfly has implemented the AUTH protocol? For example, the Openshift Wildfly config looks something like this: <stack name="tcp">
<transport type="TCP" socket-binding="jgroups-tcp">
<property name="external_addr">${env.OPENSHIFT_GEAR_DNS}</property>
<property name="external_port">${env.OPENSHIFT_WILDFLY_CLUSTER_PROXY_PORT}</property>
<property name="bind_port">${env.OPENSHIFT_WILDFLY_CLUSTER_PORT}</property>
<property name="bind_addr">${env.OPENSHIFT_WILDFLY_IP}</property>
<property name="defer_client_bind_addr">true</property>
</transport>
<protocol type="TCPPING">
<property name="timeout">30000</property>
<property name="initial_hosts">${env.OPENSHIFT_WILDFLY_CLUSTER}</property>
<property name="port_range">0</property>
<property name="num_initial_members">1</property>
</protocol>
<protocol type="MERGE2"/>
<protocol type="FD"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="BARRIER"/>
<protocol type="pbcast.NAKACK"/>
<protocol type="UNICAST2"/>
<protocol type="pbcast.STABLE"/>
<protocol type="AUTH">
<property name="auth_class">org.jgroups.auth.MD5Token</property>
<property name="token_hash">SHA</property>
<property name="auth_value">${env.OPENSHIFT_SECRET_TOKEN}</property>
</protocol>
<protocol type="pbcast.GMS"/>
<protocol type="UFC"/>
<protocol type="MFC"/>
<protocol type="FRAG2"/>
<!--protocol type="pbcast.STATE_TRANSFER"/>
<protocol type="pbcast.FLUSH"/-->
</stack>--
Matthew Casperson
Senior Front End Developer
Technology, Space & Distribution
Auto & General Holdings Pty Ltd
P: 07) 3377 8751 (Direct: 3377 8751)
F: 07) 3377 8833
