Re: [keycloak-user] Unable To Use Refresh Token

Depending on your setup, you should be using either standalone-ha.xml or standalone-full-ha.xml to run in cluster. --Hynek On Tue, Mar 7, 2017 at 2:52 PM, Sagar Ahire <sagarahire(a)arvindinternet.com&gt; wrote: > I'm using the standard keycloak 2.4.0 docker image, I modified the > standalone.xml in docker file. I've increased owners count to 4. following > are the tags I changed in *standalone.xml*. > <distributed-cache name="sessions" mode="SYNC" owners="4"/> > <distributed-cache name="offlineSessions" mode="SYNC" owners="4"/> > <distributed-cache name="loginFailures" mode="SYNC" owners="4"/> > <distributed-cache name="authorization" mode="SYNC" owners="4"/> > > But still facing the same issue. Is standalone.xml the correct file I need > to change? or I'm missing something here. > > > regards, > -Sagar > > On Mon, Mar 6, 2017 at 7:31 PM, Andrew Zenk <azenk(a)umn.edu&gt; wrote: > >> Have you increased the owner count for the various caches to something >> greater than 1? >> >> On Mar 6, 2017 7:56 AM, "Sagar Ahire" <sagarahire(a)arvindinternet.com&gt; >> wrote: >> >>> Hello, >>> >>> I've deployed keyclock 2.4.0 in a kubernetes environment. While refreshing >>> the access token I'm getting following response. >>> {'error': 'invalid_grant', 'error_description': 'Client session not >>> active'}. >>> >>> Here is what I did: >>> Step1: First, I generated three access tokens and refresh tokens >>> (rf1,rf2,rf3), then I used this refresh_tokens to refresh the access >>> tokens. I got the access tokens successfully for all three requests. >>> (Successful scenario) >>> >>> Step2: I restarted some of the pods from the keyclock cluster, I tried to >>> refresh the access tokens using the same refresh tokens(rf1,rf2,rf3) >>> again, >>> using rf1 I could refresh the access token but using rf2,rf3 I got the >>> response mentioned above ('client session not active'). I made sure rf2 >>> and >>> rf3 are not expired. >>> >>> I'm unable to use refresh token even though it is not expired. I suspect >>> session created on one pod is not properly shared between all the members >>> of a cluster and I'm loosing the session if one of my pod is restarted or >>> goes down. >>> >>> Can someone please suggest any solution for this? Any help would be >>> greatly >>> appreciated. >>> >>> >>> >>> >>> regards, >>> -Sagar >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user -- --Hynek