[keycloak-user] Clustering on localhost with shared DB

Marek Posolda mposolda at redhat.com
Fri Apr 24 13:06:16 EDT 2015 

Hi Libor,

the config files looks good (at least for the first look), but question 
is if you're using loadbalancer?

If you're not using loadbalancer and you access keycloak servers 
directly on localhost:8080 and localhost:8180, the problem might be just 
in the fact that browser cookie KEYCLOAK_IDENTITY is not shared between 
them and hence going to localhost:8180 will not find KEYCLOAK_IDENTITY 
cookie from localhost:8080 and will try to create new session.

You can check admin console or account management and list available 
user sessions on both nodes. If both cluster nodes have same sessions, 
then replication of userSessions works fine, but only issue is really 
the cookie.

I suspect that in production, you will use loadbalancer, so this issue 
won't happen.

Marek

On 24.4.2015 15:50, Libor Krzyžanek wrote:
> Attaching keycloak-server.json and standalone-ha.xml
>
> Thanks,
>
> Libor Krzyžanek
> jboss.org <http://jboss.org> Development Team
>
>
>
>
>
>> On 24 Apr 2015, at 15:36, Stian Thorgersen <stian at redhat.com 
>> <mailto:stian at redhat.com>> wrote:
>>
>> Can you attach your keycloak-server.json and standalone.xml?
>>
>> ----- Original Message -----
>>> From: "Libor Krzyžanek" <lkrzyzan at redhat.com 
>>> <mailto:lkrzyzan at redhat.com>>
>>> To: "keycloak-user" <keycloak-user at lists.jboss.org 
>>> <mailto:keycloak-user at lists.jboss.org>>
>>> Sent: Friday, 24 April, 2015 3:12:29 PM
>>> Subject: [keycloak-user] Clustering on localhost with shared DB
>>>
>>> Hi,
>>> I’m trying to achieve full user session replication which means when I’m
>>> logged in on node 1 and then hit node 2 then I expect to be logged 
>>> in but
>>> I’m forced to log in again.
>>>
>>> I have:
>>> 1. two localhost nodes with JBoss EAP 6.4 + War installation
>>> 2. Postgres
>>> 3. EAP cofigured based on
>>> http://docs.jboss.org/keycloak/docs/1.2.0.Beta1/userguide/html/clustering.html
>>>
>>> I triedeither
>>> <distributed-cache name="sessions" mode="SYNC" owners=“ 2 " />
>>> <distributed-cache name="loginFailures" mode="SYNC" owners=“ 2 " />
>>> or
>>> <replicated-cache name="sessions" mode="SYNC"/>
>>> <replicated-cache name="loginFailures" mode="SYNC”/>
>>> but with same result.
>>>
>>> I’m starting nodes by
>>> ./jb1/bin/standalone.sh --server-config=standalone-ha.xml
>>> -Djboss.node.name=node1
>>> ./jb2/bin/standalone.sh --server-config=standalone-ha.xml
>>> -Djboss.socket.binding.port-offset=100 -Djboss.node.name=node2
>>>
>>>
>>> both jb1 and jb2 are identical and they know each other (Received 
>>> new cluster
>>> view: [node1/keycloak|1] [node1/keycloak, node2/keycloak])
>>>
>>> How do you test clustering of KC please?
>>>
>>> Thanks,
>>>
>>> Libor Krzyžanek
>>> jboss.org Development Team
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150424/f174cd15/attachment.html

More information about the keycloak-user mailing list