[keycloak-dev] Application Clustering problems

Stian Thorgersen sthorger at redhat.com
Mon Jan 25 02:58:34 EST 2016


By default the adapters will require sticky sessions, please refer to
http://keycloak.github.io/docs/userguide/keycloak-server/html/applicationClustering.html
for more information

On 22 January 2016 at 12:48, Christian Beikov <christian.beikov at gmail.com>
wrote:

> Hello,
>
> I am running some tests with my application cluster being secured by a
> single keycloak server instance and I encountered problems with the
> adapter.
>
> My application cluster contains 2 nodes and is load balanced by nginx.
> For testing purposes, I enabled round robin load balancing which is
> probably the "cause" for my issues.
>
> When I access a secured page, I get redirected to keycloak and
> everything is fine. When I then login, and keycloak redirects me back to
> the application, I get to a different application cluster node because
> of round robin. On that node, apparently the initial information of the
> client session is not available and I get redirected to keycloak login
> page again. Then keycloak redirects me back to the application, this
> time to the original node, and says that access is forbidden.
>
> I suppose the web session caches are not in sync but I just used the
> default cache containers as they are defined in standalone-ha.xml of my
> Wildlfy 10 CR4. Clustering with jgroups works, as I use other
> distributed caches too which work just fine.
>
> We are using Keycloak 1.8.0.CR2 on a Wildfly 10 CR4
>
> Regards,
> Christian
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160125/29e53db4/attachment.html 


More information about the keycloak-dev mailing list