On 13/03/18 20:10, Soumya Mishra wrote:
Anyone knows anything about this?
On Mon, Mar 12, 2018 at 1:06 PM, Soumya Mishra <soumya.mishra(a)aktana.com>
wrote:
> Hello All,
>
> I am facing a problem with running keycloak in standalone clustered mode
> (i.e, standalone-ha) mode. I have a set of 3 clusters and using a load
> balancer on top of it.
>
> I am able to login properly each time. But the refresh_token and
> offline_access token flow is not working properly because the load balancer
> is hitting different instances at different times. It only works when the
> load balancer hits the instance from which the token was generated.
>
> I compared various tokens generated by all the different instances and I
> see that iss, iat and jti values are different for each of the tokens. Is
> it a problem?
No, it shouldn't be. That is expected.
Is shared database correctly set? And are sessions replicated? I suggest
you try to open admin console and open tab "sessions" for any realm,
user or client. You can open it in all 3 nodes (alternatively open it
through loadbalancer until you make sure that loadbalancer redirects it
to different 3 nodes if you can't open Keycloak backend nodes directly)
and compare if "sessions" are same on every node. If not, then your
clustering setup is broken.
We have some info in our clustering docs, I suggest to look there.
Marek
>
> Please let me know if anybody has any idea how this issue should be fixed
> or where I am doing wrong.
>
> Regards,
> Soumya
>
>
>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user