By default the adapters will require sticky sessions, please refer to http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html for more information

On 22 January 2016 at 12:48, Christian Beikov <christian.beikov@gmail.com> wrote:
Hello,

I am running some tests with my application cluster being secured by a
single keycloak server instance and I encountered problems with the adapter.

My application cluster contains 2 nodes and is load balanced by nginx.
For testing purposes, I enabled round robin load balancing which is
probably the "cause" for my issues.

When I access a secured page, I get redirected to keycloak and
everything is fine. When I then login, and keycloak redirects me back to
the application, I get to a different application cluster node because
of round robin. On that node, apparently the initial information of the
client session is not available and I get redirected to keycloak login
page again. Then keycloak redirects me back to the application, this
time to the original node, and says that access is forbidden.

I suppose the web session caches are not in sync but I just used the
default cache containers as they are defined in standalone-ha.xml of my
Wildlfy 10 CR4. Clustering with jgroups works, as I use other
distributed caches too which work just fine.

We are using Keycloak 1.8.0.CR2 on a Wildfly 10 CR4

Regards,
Christian
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev