[keycloak-user] Can not logout from demo broker
Andrej P
ado.boj.83 at gmail.com
Wed Nov 4 10:10:56 EST 2015
On Wed, Nov 4, 2015 at 3:48 PM, Marko Strukelj <mstrukel at redhat.com> wrote:
> Can you confirm that you see the following lines in
> your host-controller.log:
>
> [Server:authentication-server-demosetup] 15:58:23,220 INFO
> [org.wildfly.extension.undertow] (ServerService Thread Pool -- 72)
> WFLYUT0021: Registered web context: /auth
> [Server:authentication-server-demosetup] 15:58:23,267 INFO
> [org.jboss.as.server] (ServerService Thread Pool -- 36) WFLYSRV0010:
> Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
>
No, this lines are missing in log.
>
>
> What does the following url show: http://localhost:8180/auth
>
I have to use lin http://192.168.56.10:8180/auth, because it is not
local machine by virtualized.
And answer is like I already before wrote: 404 - Not Found
>
> Infinispan in HA mode ensures there is a distributed cache layer in use.
> It means there are not two local caches with possibly different states.
> That's important if you use round-robin front end proxy without sticky
> sessions. Otherwise you may see strange Admin UI behaviour.
>
Now I am using this domain concept only in small or testing topology
without accent on HA
> On Wed, Nov 4, 2015 at 3:31 PM, Andrej P <ado.boj.83 at gmail.com> wrote:
>
>> Again inside text are my answers.
>>
>>
>>
>> On Wed, Nov 4, 2015 at 2:49 PM, Marko Strukelj <mstrukel at redhat.com>
>> wrote:
>>
>>> Your log.txt doesn't look right. Only a host controller is started - no
>>> server running your idbt-ha profile is started at all.
>>>
>>> There should be entries in the log looking like:
>>>
>>> [Server:configuration-server-demosetup] 15:58:05,712 INFO
>>> [org.jboss.modules] (main) JBoss Modules version 1.4.3.Final
>>> [Server:configuration-server-demosetup] 15:58:06,017 INFO
>>> [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
>>> [Server:configuration-server-demosetup] 15:58:06,118 INFO [org.jboss.as]
>>> (MSC service thread 1-6) WFLYSRV0049: WildFly Full 9.0.1.Final (WildFly
>>> Core 1.0.1.Final) starting
>>>
>> ...
>>>
>> In log /opt/wildfly-9.0.1.Final/domain/log/host-controller.log are
>> presnt your requested lines (log.txt was copied from command line)
>> 2015-11-04 13:38:43,479 INFO [org.jboss.as.host.controller]
>> (Controller Boot Thread) WFLYHC0023: Starting server
>> configuration-server-demosetup
>> 2015-11-04 13:38:46,125 INFO [org.jboss.as.host.controller] (Remoting
>> "demosetup:MANAGEMENT" task-4) WFLYHC0021: Server
>> [Server:configuration-server-demosetup] connected using connection
>> [Channel ID 656dd302 (inbound) of Remoting connection 1d425566 to /
>> 127.0.0.1:50449]
>> 2015-11-04 13:38:46,193 INFO [org.jboss.as.host.controller]
>> (Controller Boot Thread) WFLYHC0023: Starting server
>> authentication-server-demosetup
>> 2015-11-04 13:38:46,246 INFO [org.jboss.as.host.controller]
>> (server-registration-threads - 1) WFLYHC0020: Registering server
>> configuration-server-demosetup
>> 2015-11-04 13:38:53,794 INFO [org.jboss.as.host.controller] (Remoting
>> "demosetup:MANAGEMENT" task-8) WFLYHC0021: Server
>> [Server:authentication-server-demosetup] connected using connection
>> [Channel ID 3e8ad11c (inbound) of Remoting connection 67282c6a to /
>> 127.0.0.1:52804]
>> 2015-11-04 13:38:53,867 INFO [org.jboss.as.host.controller]
>> (server-registration-threads - 1) WFLYHC0020: Registering server
>> authentication-server-demosetup
>>
>>>
>>>
>>> There must be a problem with your host.xml file. You should have a
>>> server definition there referring to one of your server groups, for example:
>>>
>>> <servers>
>>> <server name="configuration-server-demosetup"
>>> group="group-authentication"/>
>>> ...
>>> </servers>
>>>
>> I attached host-idbt.xml now and from my point of view it looks fine.
>>
>>
>>>
>>> Also, in domain-idbt.xml your Infinispan cache is configured to be
>>> local. For distributed setup you should be using distributed Infinispan
>>> cache:
>>>
>>> <cache-container name="keycloak"
>>> jndi-name="infinispan/Keycloak">
>>> <transport lock-timeout="60000"/>
>>> <invalidation-cache name="realms" mode="SYNC"/>
>>> <invalidation-cache name="users" mode="SYNC"/>
>>> <distributed-cache name="sessions" mode="SYNC"
>>> owners="1"/>
>>> <distributed-cache name="loginFailures" mode="SYNC"
>>> owners="1"/>
>>> </cache-container>
>>>
>> In previous attached domain-idbt.xml I configured Infinispan cache
>> like local not distributed, is it conflict, have to be in HA mode?
>>
>>
>>
>>>
>>>
>>>
>>> On Wed, Nov 4, 2015 at 2:20 PM, Andrej P <ado.boj.83 at gmail.com> wrote:
>>>
>>>> Hi Marko,
>>>>
>>>> thanks for your hints, I went through but still w/o positive result.
>>>> I will write my comments inside your hints.
>>>> I attached 2 files: domain-idbt.xml - with added sections for keycloak
>>>> log.txt - log after start wildfly in command
>>>> line
>>>>
>>>> Br,
>>>> Andrej.
>>>>
>>>> On Tue, Nov 3, 2015 at 4:24 PM, Marko Strukelj <mstrukel at redhat.com>
>>>> wrote:
>>>>
>>>>> From your descriptions of the problem it sounds like your server-one
>>>>> which binds to port 8080 doesn't have keycloak-server configured at all -
>>>>> it's using a server group, that uses a different profile than the one you
>>>>> configured.
>>>>>
>>>> Our group/server/profile setup looks like:
>>>>
>>>> GROUP SERVER PROFILE configuration configuration-server-demosetup
>>>> idbt-ha authentication authentication-server-demosetup idbt-ha
>>>>
>>>>
>>>>>
>>>>> There are four profiles in the default domain.xml - default, ha, full,
>>>>> and full-ha
>>>>>
>>>> In our domain-idbt.xml are only 2 profiles:idbt-ha and
>>>> idbt-security and I modified inifinispan for idbt-ha (but ha is only in
>>>> name not used inside configuration)
>>>>
>>>>>
>>>>> If you want your multiple Keycloak instances to run in high
>>>>> availability mode, using a shared Infinispan cache, and a shared database,
>>>>> then that's the most complex of all configurations - you have to setup a
>>>>> standalone database, use "full-ha" profile to configure the datasource with
>>>>> proper database connection url, and configure the distributed Infinispan
>>>>> cache. Also add <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
>>>>> declaration.
>>>>>
>>>>
>>>> I created Keycloak_DS, which was before missing.
>>>> I add : extension; inifinispan and subsystem section for Keycloak
>>>> inside my domain-idbt.xml (I attached finally modified domain-idbt.xml) Pls
>>>> you can check it inside.
>>>>
>>>>>
>>>>>
>>>>> In server-groups section define a new group or reuse existing one, and
>>>>> set its profile to "full-ha", and use "full-ha-sockets" binding group.
>>>>> In host.xml make sure that server definitions have the proper group
>>>>> set.
>>>>>
>>>>> Then you also have to copy some configurations.
>>>>>
>>>>> Assuming you have two servers defined in host.xml - called server-one,
>>>>> and server-two, create a directory:
>>>>>
>>>>> $WILDFLY_HOME/domain/servers/server-one/configuration
>>>>> $WILDFLY_HOME/domain/servers/server-two/configuration
>>>>>
>>>>> Then copy the following configurations from standalone/configuration:
>>>>>
>>>>> cp $WILDFLY_HOME/standalone/configuration/keycloak-server.json
>>>>> $WILDFLY_HOME/domain/servers/server-one/configuration/
>>>>> cp -r $WILDFLY_HOME/standalone/configuration/themes
>>>>> $WILDFLY_HOME/domain/servers/server-one/configuration/
>>>>> cp -r $WILDFLY_HOME/standalone/configuration/providers
>>>>> $WILDFLY_HOME/domain/servers/server-one/configuration/
>>>>>
>>>>> cp $WILDFLY_HOME/standalone/configuration/keycloak-server.json
>>>>> $WILDFLY_HOME/domain/servers/server-two/configuration/
>>>>> cp -r $WILDFLY_HOME/standalone/configuration/themes
>>>>> $WILDFLY_HOME/domain/servers/server-two/configuration/
>>>>> cp -r $WILDFLY_HOME/standalone/configuration/providers
>>>>> $WILDFLY_HOME/domain/servers/server-two/configuration/
>>>>>
>>>>
>>>> Done all creation and copying steps.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151104/1d4edbfc/attachment.html
More information about the keycloak-user
mailing list