In keycloak-server.json set userSessionProvider to JPA:
"userSessions": {
"provider": "jpa"
}
You also need to either disable realm and user caches:
"realmCache": {
"provider": "none"
},
"userCache": {
"provider": "none"
}
Or use Infinispan invalidation caches as the clustering documentation suggests.
Bear in mind that if you store user sessions in db and don't use the caches you'll
be generating a fair bit of db traffic, so it won't scale extremely well.
----- Original Message -----
From: "Kalinga Dissanayake" <kalinga(a)leapset.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Tuesday, 7 April, 2015 1:37:38 PM
Subject: Re: Externalising session storage in keycloak
What should I do to store sessions in the database? Is there a guide to do
this? Should I implement any SPI?
Kalinga
-----Original Message-----
From: "Stian Thorgersen" <stian(a)redhat.com>
Sent: Tuesday, April 7, 2015 11:50am
To: "Kalinga Dissanayake" <kalinga(a)leapset.com>
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: Externalising session storage in keycloak
We have support for using either Infinispan or a database (relational or
Mongo) to store the user sessions when load balanced.
If performance is not a problem you can just go with storing sessions in the
database. Otherwise go with Infinispan, see
http://docs.jboss.org/keycloak/docs/1.2.0.Beta1/userguide/html/clustering...
for the details on how to configure that. To use a replicated cache instead
of a distributed cache use the following config for Infinspan:
<subsystem xmlns="urn:jboss:domain:infinispan:2.0">
<cache-container name="keycloak" jndi-name="infinispan/Keycloak"
start="EAGER">
<transport lock-timeout="60000"/>
<invalidation-cache name="realms" mode="SYNC"/>
<invalidation-cache name="users" mode="SYNC"/>
<replicated-cachename="sessions" mode="SYNC"/>
<replicated-cache name="loginFailures" mode="SYNC"/>
</cache-container>
...
</subsystem>
You can also just use the configuration from the docs above but set
'owners="2"'.
----- Original Message -----
> From: "Kalinga Dissanayake" <kalinga(a)leapset.com>
> To: keycloak-user(a)lists.jboss.org
> Cc: "Stian Thorgersen" <stian(a)redhat.com>
> Sent: Monday, 6 April, 2015 2:13:42 PM
> Subject: Externalising session storage in keycloak
>
>
> Guys i know this has been discussed before, but im trying to find a simple
> number of steps for me to externalize the session storage in keycloak.
> I just need to do the following;
> 1. Two servers running keycloak (wildfly)
> 2. A load balancer in front of these two servers. Preferably an AWS
> loadbalancer
> 3. I need to store the session details on an external store so that the
> sessions work accurately.
>
> There is so much documentation for this but I am actually confused as to
> what
> i should do and the bare minimum i should do to achieve this. I dont need a
> distributed cache or anything just need one cache store (may be infinispan
> or memcached) and the two keycloak servers running storing the sessions on
> that. Is there one key place i should look into which contains the bare
> minimum i should do.
>
> Kalinga.
>