5:59 a.m.
Hi,
I'm set up keycloak 1.9.4final on AWS as an HA-cluster using JDBC-Ping for
infinispan group management behind an load balancer.
Now, when I create a user with the bin/add-user-keycloak.sh script and
restart keycloak on the respektive instance, I get the message "You took
too long to login. Login process starting from beginning." on my first try
to login with the newly created account. On my second try, I just get "An
error occurred, please login again through your application."
From what I can see, the account is successfully being created in the
database. The login attempts happen within one minute of restarting the
keycloak service. In the console log I can see the message
"type=LOGIN_ERROR, realmId=master, clientId=null, userId=null,
ipAddress=a.b.c.d, error=expired_code, restart_after_timeout=true" on the
first attempt and "type=LOGIN_ERROR, realmId=master, clientId=null,
userId=null, ipAddress=a.b.c.d, error=invalid_code" on the second attempt.
I'm a bit at a loss as to how to proceed, to get the admin user set up
properly and get the login to work. Any pointers would be appreciated.
Regards,
Sven
--
Sven Riedel
Senior Systemsarchitect
glomex GmbH
Ein Unternehmen der ProSiebenSat.1 Media SE
Medienallee 4
D-85774 Unterföhring
Tel. +49 [89] 9507-8167
sven.riedel(a)glomex.com
Geschäftsführer: Michael Jaschke, Arnd Mückenberger
HRB 224542 AG München
USt.-ID.-Nr. DE 218559421
St.-Nr. 143/141/71293
7:49 a.m.
Hi,
after enabling sticky sessions on the loadbalancer, the login works.
Cranking up the logs to "debug" told me that the "RestartLoginCookies
client session does not match the code's clientSession".
The phrasing leads me to believe that the session was not shared in the
infinispans cache among the nodes. I'll still need to figure out if the
cache distribution per se isn't working, or if this was a special case for
commandline generated users.
Regards,
Sven
Am 2016-05-23 12:59 schrieb "Riedel, Sven" unter
<Sven.Riedel(a)glomex.com>:
Hi,
I'm set up keycloak 1.9.4final on AWS as an HA-cluster using JDBC-Ping for
infinispan group management behind an load balancer.
Now, when I create a user with the bin/add-user-keycloak.sh script and
restart keycloak on the respektive instance, I get the message "You took
too long to login. Login process starting from beginning." on my first try
to login with the newly created account. On my second try, I just get "An
error occurred, please login again through your application."
From what I can see, the account is successfully being created in the
database. The login attempts happen within one minute of restarting the
keycloak service. In the console log I can see the message
"type=LOGIN_ERROR, realmId=master, clientId=null, userId=null,
ipAddress=a.b.c.d, error=expired_code, restart_after_timeout=true" on the
first attempt and "type=LOGIN_ERROR, realmId=master, clientId=null,
userId=null, ipAddress=a.b.c.d, error=invalid_code" on the second attempt.
I'm a bit at a loss as to how to proceed, to get the admin user set up
properly and get the login to work. Any pointers would be appreciated.
Regards,
Sven
--
Sven Riedel
Senior Systemsarchitect
glomex GmbH
Ein Unternehmen der ProSiebenSat.1 Media SE
Medienallee 4
D-85774 Unterföhring
Tel. +49 [89] 9507-8167
sven.riedel(a)glomex.com
Geschäftsführer: Michael Jaschke, Arnd Mückenberger
HRB 224542 AG München
USt.-ID.-Nr. DE 218559421
St.-Nr. 143/141/71293
12:14 a.m.
It sounds like you have an issue with the Infinispan configuration. There's
a few threads in the mailing list about setting up clustering on AWS.
On 23 May 2016 at 14:49, Riedel, Sven <Sven.Riedel(a)glomex.com> wrote:
Hi,
after enabling sticky sessions on the loadbalancer, the login works.
Cranking up the logs to "debug" told me that the "RestartLoginCookies
client session does not match the code's clientSession".
The phrasing leads me to believe that the session was not shared in the
infinispans cache among the nodes. I'll still need to figure out if the
cache distribution per se isn't working, or if this was a special case for
commandline generated users.
Regards,
Sven
Am 2016-05-23 12:59 schrieb "Riedel, Sven" unter
<Sven.Riedel(a)glomex.com>:
>Hi,
>I'm set up keycloak 1.9.4final on AWS as an HA-cluster using JDBC-Ping for
>infinispan group management behind an load balancer.
>Now, when I create a user with the bin/add-user-keycloak.sh script and
>restart keycloak on the respektive instance, I get the message "You took
>too long to login. Login process starting from beginning." on my first try
>to login with the newly created account. On my second try, I just get "An
>error occurred, please login again through your application."
>
>From what I can see, the account is successfully being created in the
>database. The login attempts happen within one minute of restarting the
>keycloak service. In the console log I can see the message
>"type=LOGIN_ERROR, realmId=master, clientId=null, userId=null,
>ipAddress=a.b.c.d, error=expired_code, restart_after_timeout=true" on the
>first attempt and "type=LOGIN_ERROR, realmId=master, clientId=null,
>userId=null, ipAddress=a.b.c.d, error=invalid_code" on the second attempt.
>
>I'm a bit at a loss as to how to proceed, to get the admin user set up
>properly and get the login to work. Any pointers would be appreciated.
>
>Regards,
>Sven
>
>
>--
>Sven Riedel
>Senior Systemsarchitect
>
>glomex GmbH
>Ein Unternehmen der ProSiebenSat.1 Media SE
>
>Medienallee 4
>D-85774 Unterföhring
>Tel. +49 [89] 9507-8167
>sven.riedel(a)glomex.com
>
>Geschäftsführer: Michael Jaschke, Arnd Mückenberger
>HRB 224542 AG München
>USt.-ID.-Nr. DE 218559421
>St.-Nr. 143/141/71293
>
>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3151
days inactive
3153
days old
2 comments
2 participants
participants (2)
-
Riedel, Sven -
Stian Thorgersen