[keycloak-dev] Facing Issue with Resource Server in Clustered Environment

Stian Thorgersen stian at redhat.com
Fri Jan 30 02:47:52 EST 2015



----- Original Message -----
> From: "Bappaditya Gorai (bgorai)" <bgorai at cisco.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, 30 January, 2015 8:38:49 AM
> Subject: RE: [keycloak-dev] Facing Issue with Resource Server in Clustered	Environment
> 
> We are not talking about clustering for Keycloak server. The setup is for
> Resource Server (Keycloak Adapter)  in clustered environment.

Same answer

> 
> Thanks
> Bappaditya Gorai
> 
> -----Original Message-----
> From: Stian Thorgersen [mailto:stian at redhat.com]
> Sent: Friday, January 30, 2015 12:57 PM
> To: Bappaditya Gorai (bgorai)
> Cc: keycloak-dev at lists.jboss.org
> Subject: Re: [keycloak-dev] Facing Issue with Resource Server in Clustered
> Environment
> 
> 1.0.4.Final had very limited support for clustering, please upgrade to
> 1.1.0.Final and refer to chapter 24 and 25 in the documentation
> (http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/clustering.html).
> 
> ----- Original Message -----
> > From: "Bappaditya Gorai (bgorai)" <bgorai at cisco.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Friday, 30 January, 2015 8:22:26 AM
> > Subject: [keycloak-dev] Facing Issue with Resource Server in Clustered
> > 	Environment
> > 
> > 
> > 
> > Hi Team,
> > 
> > Please find the details on setup and observation below. Please provide
> > your suggestion on how to overcome this issue. We are using Keycloak
> > 1.0.4.Final (Adapter & Server).
> > 
> > 
> > 
> > 
> > 
> > Setup:
> > 
> > 1. We have brought up Jboss cluster ( Using mod_cluster, httpd ) with
> > 2 nodes in domain mode and enabled session replication between these nodes.
> > 
> > 2. Our Recourse server is deployed in this clustered environment with
> > distributable and Sticky session Off.
> > 
> > 
> > 
> > Behavior observed :
> > 
> > During the Authorization/Authentication process ,when Initial
> > call(Resource
> > Access) lands on master and next redirection (post Code To token)
> > falls on slave Adapter is treating it as a new session and redirecting
> > to login URL again. So we ended up with circular redirection error.
> > After further investigation seems like session replication delay is
> > causing adapter to behave this way. As the redirection call happens
> > very quickly and this results in circular redirection error.
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > NOTE: Sticky Session in mod_cluster environment solves the issue but
> > it does not provide true load balancing. Therefore we are not
> > considering Stick session option.
> > 
> > 
> > 
> > 
> > 
> > Thanks
> > 
> > Bappaditya Gorai
> > 
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list