[keycloak-user] 1.1 Beta2 in Wildfly cluster

Schneider, John DODGE CONSULTING SERVICES, LLC John.Schneider at carrier.utc.com
Tue Dec 9 18:57:03 EST 2014


Hi,

Correction, I *thought* everything was running in Wildfly domain mode.  It turns out I just got lucky by hitting the same server node in my initial test.  After a reboot and further testing today, I’m not able to login to the Keycloak admin console when both nodes in my cluster are running.  After attempting login, I am either taken back to a blank login page, or I see error “Unknown code, please login again through your application.”  Once in awhile, I can login without error. I should note that I’m using an Apache reverse proxy via mod_cluster.

I see no errors in the server logs.  I do see message “JBAS010281: Started <x> cache from keycloak container” for each of “realms”, “sessions”, “loginFailures”, “users”.  So, it looks like my domain config is working.  However, I can’t tell for sure that Keycloak is attempting to use the infinispan caches.  Some additional log output showing the values from keycloak-server.json would be helpful.  I used the CLI to upload “/profile=full-ha/subsystem=keycloak/auth-server=keycloak-1/:update-server-config(bytes-to-upload=/usr/local/wildfly/domain/configuration/keycloak-server.json~,overwrite=true)”  The response was “success” and then I restarted Wildfly on both nodes in the cluster.

Has anyone been able to get Keycloak 1.1 Beta 2 working in a wildfly domain, and using mod_cluster?  If so, could you please provide guidance?

Thanks,
John

From: Schneider, John DODGE CONSULTING SERVICES, LLC
Sent: Monday, December 08, 2014 6:43 PM
To: keycloak-user at lists.jboss.org
Subject: 1.1 documentation update for running in domain HA mode

Hi guys,

Thanks so much for getting clustering support working in 1.1.  I have it up and running well in a Wildfly 8 domain setup under the “full-ha” profile.  One thing that I was pulling my hair out about for a while today were some errors related to Infinispan config.  I figured out that if running in HA cluster, you must include the “transport” element under the cache-container config (i.e. <transport lock-timeout=”60000” />).  It would be great if you could update Chapter 23 of the documentation to reflect this requirement.

Thanks,
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141209/05dca411/attachment-0001.html 


More information about the keycloak-user mailing list