I don't see anything in our documentation for Keycloak SAML adapter. Not
sure if we support clustering or not. Maybe someone else knows.
But I think that if you have <distributable /> in your applications and
it still doesn't work, then feel free to create JIRA.
Marek
On 20/01/17 17:29, Pulkit Gupta wrote:
We can't really move to OIDC as we have already used SAML for a
number
of apps.
Is clustering not supported by SAML client adapters for Jboss?
Regards,
Pulkit
On Fri, Jan 20, 2017 at 1:47 PM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
This is supposed to work for Keycloak OIDC clients and some docs
is here
https://keycloak.gitbooks.io/securing-client-applications-guide/content/t...
<
https://keycloak.gitbooks.io/securing-client-applications-guide/content/t...
.
I don't know about Keycloak SAML clients. Is it an alternative for
you to try OIDC instead of SAML?
Marek
On 20/01/17 08:19, Pulkit Gupta wrote:
Hi All,
I am running multiple applications deployed on a Jboss cluster
with
infinispan used as a cache and for distributed sessions.
I verified and can see that session replication is working for
a normal
application where I can see the same session on all the
servers in the
cluster and hence the application is working fine without session
stickiness.
However when I am trying to use any Keycloak SAML client based
application
it is only working if the request is going to a particular box
in the
cluster. On all the other boxes we are getting errors.
>From this behavior I am concluding that somehow for Keycloak
based
applications sessions are not getting replicated.
Both these applications has <distributable /> tag in them so I
am not sure
why it is showing different behaviour.
I know we can fix this by just enabling session stickiness but
we want the
sessions to be replicated as well.
This is because we want to make our set up more resilient.
Also in case of
logout when Keycloak is sending a back channel logout request
it amy send
it to any server in the cluster.
If the sessions are not properly replicated then the logout
will fail as
the session will remain preserved on some other server in the
cluster.
Can someone please suggest me something what to try.
--
Thanks,
Pulkit
AMS