[keycloak-user] Logouts / how to disable keycloak "user session" cache?
Thomas Darimont
thomas.darimont at googlemail.com
Thu Apr 7 06:44:22 EDT 2016
Hello,
have a look at this thread:
http://lists.jboss.org/pipermail/keycloak-user/2016-February/004935.html
Cheers,
Thomas
2016-04-07 12:40 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:
> It is not currently possible to run multiple nodes without clustering.
> However, it's possible to configure JGroups to work on AWS. I can't
> remember the configuration required though, but if you search the user
> mailing list you'll find instructions or google for JGroups and AWS.
>
> On 7 April 2016 at 10:22, Christian Schwarz <christian at datek.no> wrote:
>
>> Hi!
>>
>> I'm trying to setup a keycloak cluster on AWS, which does not support UDP
>> multicast. IP addresses of the nodes are also not known in advance (I'm
>> using docker-cloud), so Infinispan/JGroups ("keycloak-ha-posgres" docker
>> image) for user session replication will not work (seems that it requires
>> either UDP multicast or IP addresses known in advance).
>>
>> The main problem I have is that logout is not working propertly. I only
>> get logged out from one of the two keycloak nodes.
>>
>> I have tried to disable the user cache (by setting
>> userCache.default.enabled = false) and to disable infinispan (by using
>> “keycloak-postgres” docker image), but to no avail. The “other” keycloak
>> node still thinks that the user is logged in, it’s not refreshing the user
>> session from the database even if user cache and infinispan cluster cache
>> is disbled.
>>
>> => Is there a possibility of using the database as a synchronization
>> point between keycloak nodes? (i.e. each node always checks logout status
>> in the database)
>> Or is there another way of getting a keycloak cluster up and running on
>> AWS when IP addresses are not known in advance?
>>
>> I hope there is a way… :)
>>
>> Kind regards,
>> Christian
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160407/34c694ec/attachment.html
More information about the keycloak-user
mailing list