[keycloak-dev] Is it ok to support multiple managementUrls per application?
Marek Posolda
mposolda at redhat.com
Fri Oct 10 11:08:44 EDT 2014
On 10.10.2014 17:07, Marek Posolda wrote:
> The problem I am looking at is sending "Push NotBefore" from keycloak
> to adapters in cluster. Basically the info about push notBefore should
> be propagated to all cluster nodes where application is deployed.
>
> ATM I am seeing 2 possibilities:
>
> a) More managementUrls per ApplicationModel. People would need to
> configure all nodes where adapter is deployed . Then Keycloak (
> ResourceAdminManager ) will be able to send "global" events like
> pushNotBefore or "logoutAll" to all those nodes. "Normal" logouts will
> be sent just to single node like now .
>
> b) Ensure that notBefore can be replicated on adapters side. I don't
> like this tbh. It requires adapters to be in replicated cluster, which
> may not be an option for many deployments, who want to rely just on
> sticky session.
>
> Any of those is not super-ideal, but I don't have better idea to
> ensure cluster-safe propagation of NotBefore and global logout to all
> cluster nodes.
>
> Better ideas?
>
> I have (b) already prototyped and working, but wanted to have ack from
> you before go further, cleanup, start changing admin console etc.
oops, sorry. I have (a) working (model change to support multiple
managementUrls)
>
> Marek
More information about the keycloak-dev
mailing list