In our environment, we've seen sticky sessions fail in ~5% of requests. We
generally avoid it. I'll play around with the clustering to see how it
works.
On Wed, Aug 3, 2016 at 7:50 PM Bill Burke <bburke(a)redhat.com> wrote:
you don't need session replication, just load balancer sticky
sessions.
Basically the HTTP load balancer sets a cookie when you visit for the first
time. Based on that cookie the load balancer knows which machine you are
"stuck" on and will continually route the browser to that same machine.
On 8/3/16 7:04 PM, John D. Ament wrote:
Mmmph ok. Do you know how quickly sessions replicate now? Last time I
did this it was about a minute which didn't perform well for me. This is
going back at least 6 years though.
On Aug 3, 2016 18:50, "Bill Burke" <bburke(a)redhat.com> wrote:
> I think SAML would be ok so long as you have sticky sessions enabled with
> your load balancer.
>
> On 8/3/16 6:07 PM, John D. Ament wrote:
>
> Thanks Bill. What if I'm primarily using SAML? Same session issue?
>
> John
>
> On Wed, Aug 3, 2016 at 5:17 PM Bill Burke <bburke(a)redhat.com> wrote:
>
>> It is required. The auth code flow for OAuth is an out of band HTTP
>> request so you may be loadbalanced to a machine that doesn't have the user
>> session. We have "sticky sessions" for out of band requests like this
>> planned, but not implemented yet.
>>
>> On 8/3/16 4:55 PM, John D. Ament wrote:
>>
>> Hey,
>>
>> I was wondering, is clustering actually required on the keycloak server
>> if I have multiple deployed? Or will it read data from the database?
>>
>> John
>>
>>
>> _______________________________________________
>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>