I have set up a Keycloak cluster and generate tokens via
/auth/realms/master/protocol/openid-connect/token.
The problem is that an access token can only be used to perform subsequent
requests on the SAME SERVER that issued the token. Attempts to make a
request (e.g., /auth/admin/realms/master) on another server in the cluster
result in a response of "Bearer" and an error in that server's log.
Shouldn't the access tokens be available across the cluster?
As a side note, the refresh tokens DO appear to be cached, so caching does
appear to be working on some level.
As a second question: What data is stored in the session and authentication
caches? How does this relate to the access and refresh tokens?