[keycloak-user] Can not logout from demo broker

Marko Strukelj mstrukel at redhat.com
Wed Nov 4 08:49:02 EST 2015


Your log.txt doesn't look right. Only a host controller is started - no
server running your idbt-ha profile is started at all.

There should be entries in the log looking like:

[Server:configuration-server-demosetup] 15:58:05,712 INFO
 [org.jboss.modules] (main) JBoss Modules version 1.4.3.Final
[Server:configuration-server-demosetup] 15:58:06,017 INFO  [org.jboss.msc]
(main) JBoss MSC version 1.2.6.Final
[Server:configuration-server-demosetup] 15:58:06,118 INFO  [org.jboss.as]
(MSC service thread 1-6) WFLYSRV0049: WildFly Full 9.0.1.Final (WildFly
Core 1.0.1.Final) starting
...


There must be a problem with your host.xml file. You should have a server
definition there referring to one of your server groups, for example:

<servers>
        <server name="configuration-server-demosetup"
group="group-authentication"/>
        ...
</servers>

Also, in domain-idbt.xml your Infinispan cache is configured to be local.
For distributed setup you should be using distributed Infinispan cache:

              <cache-container name="keycloak"
jndi-name="infinispan/Keycloak">
                    <transport lock-timeout="60000"/>
                    <invalidation-cache name="realms" mode="SYNC"/>
                    <invalidation-cache name="users" mode="SYNC"/>
                    <distributed-cache name="sessions" mode="SYNC"
owners="1"/>
                    <distributed-cache name="loginFailures" mode="SYNC"
owners="1"/>
              </cache-container>



On Wed, Nov 4, 2015 at 2:20 PM, Andrej P <ado.boj.83 at gmail.com> wrote:

> Hi Marko,
>
> thanks for your hints, I went through but still w/o positive result.
> I will write my comments inside your hints.
> I attached 2 files: domain-idbt.xml - with added sections for keycloak
>                           log.txt - log after start wildfly in command line
>
> Br,
> Andrej.
>
> On Tue, Nov 3, 2015 at 4:24 PM, Marko Strukelj <mstrukel at redhat.com>
> wrote:
>
>> From your descriptions of the problem it sounds like your server-one
>> which binds to port 8080 doesn't have keycloak-server configured at all -
>> it's using a server group, that uses a different profile than the one you
>> configured.
>>
>     Our group/server/profile setup looks like:
>
>   GROUP SERVER PROFILE   configuration configuration-server-demosetup
> idbt-ha   authentication authentication-server-demosetup idbt-ha
>
>
>>
>> There are four profiles in the default domain.xml - default, ha, full,
>> and full-ha
>>
>     In our domain-idbt.xml are only 2 profiles:idbt-ha and idbt-security
> and I modified inifinispan for idbt-ha (but ha is only in name not used
> inside configuration)
>
>>
>> If you want your multiple Keycloak instances to run in high availability
>> mode, using a shared Infinispan cache, and a shared database, then that's
>> the most complex of all configurations - you have to setup a standalone
>> database, use "full-ha" profile to configure the datasource with proper
>> database connection url, and configure the distributed Infinispan cache.
>> Also add <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
>> declaration.
>>
>
>     I created Keycloak_DS, which was before missing.
>     I add : extension; inifinispan and subsystem section for Keycloak
> inside my domain-idbt.xml (I attached finally modified domain-idbt.xml) Pls
> you can check it inside.
>
>>
>>
>> In server-groups section define a new group or reuse existing one, and
>> set its profile to "full-ha", and use "full-ha-sockets" binding group.
>> In host.xml make sure that server definitions have the proper group set.
>>
>> Then you also have to copy some configurations.
>>
>> Assuming you have two servers defined in host.xml - called server-one,
>> and server-two, create a directory:
>>
>> $WILDFLY_HOME/domain/servers/server-one/configuration
>> $WILDFLY_HOME/domain/servers/server-two/configuration
>>
>> Then copy the following configurations from standalone/configuration:
>>
>> cp $WILDFLY_HOME/standalone/configuration/keycloak-server.json
>> $WILDFLY_HOME/domain/servers/server-one/configuration/
>> cp -r $WILDFLY_HOME/standalone/configuration/themes
>> $WILDFLY_HOME/domain/servers/server-one/configuration/
>> cp -r $WILDFLY_HOME/standalone/configuration/providers
>> $WILDFLY_HOME/domain/servers/server-one/configuration/
>>
>> cp $WILDFLY_HOME/standalone/configuration/keycloak-server.json
>> $WILDFLY_HOME/domain/servers/server-two/configuration/
>> cp -r $WILDFLY_HOME/standalone/configuration/themes
>> $WILDFLY_HOME/domain/servers/server-two/configuration/
>> cp -r $WILDFLY_HOME/standalone/configuration/providers
>> $WILDFLY_HOME/domain/servers/server-two/configuration/
>>
>
>   Done all creation and copying steps.
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151104/1c1be9fd/attachment.html 


More information about the keycloak-user mailing list