Hi all,

What would we need to do to make Keycloak user sessions persistent in the database?

I think the information in: http://lists.jboss.org/pipermail/keycloak-user/2015-April/001921.html is not relevant anymore with Keycloak 1.9.0? Specifically:

"userSessions": {
        "provider": "jpa"
    }

Does not seem to work (“Failed to find provider jpa for userSessions”). User sessions are now managed using Infinispan by default if I understand correctly: http://keycloak.github.io/docs/userguide/keycloak-server/html/clustering.html#d4e3292 ?

Is there a way to make user sessions persistent? 

Our issue is that we send out a lot of activation (‘update password’) emails from our (single) Keycloak server to new users and since we have a continuous delivery pipeline Keycloak does down and up quite a bit and every time it restarts all temporary log in tokens used for these update password actions are lost (since they are stored in memory only). And if I understand correctly these tokens are actually a sort of user sessions.

cheers

Edgar


On 29 Feb 2016, at 17:52, Edgar Vonk - Info.nl <Edgar@info.nl> wrote:

Hi,

See if I understand this correctly: in the default set up of Keycloak sessions and temporary tokens are not persisted in the Keycloak database? So consider this scenario:

1/ login as admin to master realm
2/ go to Users - Credentials and send a ‘Update Password’ reset action email
3/ user receives an email with a link with a unique token to update his/her password in Keycloak
4/ Keycloak server is restarted for whatever reason
5/ the temporary ‘login action token’ no longer exists and the link from 3/ no longer works

Is this correct and expected behaviour?

And if so, can somebody maybe point us in the direction to solve this? I.e. by making sessions/tokens by persistent I guess.

cheers

Edgar