This should work just fine without sticky sessions. We also don't support sticky sessions at the moment as there's no cookie to stick on. We're going to look into supporting sticky sessions soon.

On 26 February 2016 at 09:29, Vlastimil Elias <velias@redhat.com> wrote:
What about configuring Loadbalancer to use sticky sessions?

Vlastimil

On 25.2.2016 16:10, Peter Krivansky wrote:

Hello,

 

I have a Keycloak cluster with two servers, in front of each Keaycloak is Apache running.

 

LB

/\

  Host A    Host B

 

Now, Host-A and Host-B are in different subnets, due to this design we are running jGroups via TCP.

Now everything is working fine, except for the Keycloak Admin console, once a user tries to log in, they get for a milisecond in to the Admin console, but then they get redirected to the login page immediately.

When I disable Host-A or Host-B on the Loadbalancer, (new sessions will land only on Hst-A or Host-B) the Login to Keycloak Admin Console will work normally.

During the immediate redirection there is only this one WARNING in the Server.log:

 

15:41:42,886 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default task-10) Failed executing GET /admin/serverinfo: org.jboss.resteasy.spi.UnauthorizedException: Bearer

         at org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:156)

         at org.keycloak.services.resources.admin.AdminRoot.getServerInfo(AdminRoot.java:209)

         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

         at java.lang.reflect.Method.invoke(Method.java:498)

         at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:81)

         at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:60)

         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:102)

         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)

         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)

         at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)

         at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

         at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

         at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)

         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)

         at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)

         at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)

         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)

         at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)

         at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

         at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

         at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

         at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

         at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

         at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

         at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

         at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)

         at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)

         at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

         at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)

         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

         at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

         at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)

         at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)

         at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)

         at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)

         at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)

         at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)

         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

         at java.lang.Thread.run(Thread.java:745)

 

I attached my domain.xml

Have I missed something, or what did I wrong? 

 

With Kind regards Peter



_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

-- 
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev