[keycloak-dev] sticky sessions, clustering, and authentication

Stian Thorgersen stian at redhat.com
Thu Jun 4 02:53:44 EDT 2015 


----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: "mike cirioli" <mikecirioli at gmail.com>, "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 4 June, 2015 8:49:03 AM
> Subject: Re: [keycloak-dev] sticky sessions, clustering, and authentication
> 
> Question is if the requirement for sticky sessions is not too
> restrictive? I guess not everyone want to use sticky sessions.
> 
> Maybe we should offer both possibilities (in-memory + sticky sessions OR
> AuthenticationSession saved in infinispan and replicated after each
> request) ?
> 
> Another question is if overhead of current replication is really so bad
> to introduce another abstraction and increase code complexity?

We're not using a replicated cache - we're using a distributed cache.

If anyone is worried about performance Google how Google works (hint: sharding) ;)

> 
> Marek
> 
> On 4.6.2015 01:49, mike cirioli wrote:
> > So sticky sessions would be needed only during the authentication phase,
> > and once complete an underlying clustered session would be created?
> >
> > On Jun 3, 2015 7:00 PM, Bill Burke <bburke at redhat.com> wrote:
> >> I was thinking a bit about performance in a cluster.  Right now a client
> >> session is created whenever login is initiated.  This ends up requiring
> >> the client session to be propagated to the cluster, either through a
> >> database insert/update or an infinispan replication.  Then, with each
> >> authentication/required action step, another insert/update/replication.
> >>
> >> I was thinking we should have an AuthenticationSession that was in
> >> memory only.  Then, once all authentication and required actions are
> >> finished, then create the usersession and client session.  This would
> >> require sticky sessions though with a load balancer.
> >>
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

More information about the keycloak-dev mailing list