[keycloak-user] Logouts / how to disable keycloak "user session" cache?

Stian Thorgersen sthorger at redhat.com
Tue Apr 12 00:48:39 EDT 2016


+1 To running Keycloak on AWS section to docs. Do you want to contribute
that? Not sure about Docker images, we already have more than I'd like to
maintain.

On 7 April 2016 at 22:56, Scott Rossillo <srossillo at smartling.com> wrote:

> Hi!
>
> We completed the final steps to getting this working on Amazon AWS with
> Docker using Keycloak 1.9.x. Since we already have a database, we used
> JDBC_PING not to add S3 as yet another dependency.
>
> The changes are here[0] for now. Would Keycloak devs be interested in
> adding a running Keycloak on AWS section or another sample docker image?
>
> There are 3 steps / files:
>
> 1. configureCache.xsl sets up Infinispan correctly
> 2. start.sh - Uses Amazon APIs via HTTP to get the correct instance IP
> information
> 3. 30_docker_ports.config - if using Docker, this shell script runs on
> deploy to expose the cluster port to the EC2 interface. Needed with
> Beanstalk, maybe not with ECS
>
> [0]: https://gist.github.com/foo4u/ad2fa7251ac5b4d4fd318f668f50f7ac
>
> Best,
> Scott
>
> Scott Rossillo
> Smartling | Senior Software Engineer
> srossillo at smartling.com
>
> On Apr 7, 2016, at 6:44 AM, Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
> Hello,
>
> have a look at this thread:
> http://lists.jboss.org/pipermail/keycloak-user/2016-February/004935.html
>
> Cheers,
> Thomas
>
> 2016-04-07 12:40 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:
>
>> It is not currently possible to run multiple nodes without clustering.
>> However, it's possible to configure JGroups to work on AWS. I can't
>> remember the configuration required though, but if you search the user
>> mailing list you'll find instructions or google for JGroups and AWS.
>>
>> On 7 April 2016 at 10:22, Christian Schwarz <christian at datek.no> wrote:
>>
>>> Hi!
>>>
>>> I'm trying to set up a keycloak cluster on AWS, which does not support
>>> UDP multicast. IP addresses of the nodes are also not known in advance (I'm
>>> using docker-cloud), so Infinispan/JGroups ("keycloak-ha-posgres" docker
>>> image) for user session replication will not work (seems that it requires
>>> either UDP multicast or IP addresses known in advance).
>>>
>>> The main problem I have is that logout is not working properly. I only
>>> get logged out from one of the two keycloak nodes.
>>>
>>> I have tried to disable the user cache (by setting
>>> userCache.default.enabled = false) and to disable infinispan (by using
>>> “keycloak-postgres” docker image), but to no avail. The “other” keycloak
>>> node still thinks that the user is logged in, it’s not refreshing the user
>>> session from the database even if user cache and infinispan cluster cache
>>> are disabled.
>>>
>>> => Is there a possibility of using the database as a synchronization
>>> point between keycloak nodes? (i.e. each node always checks logout status
>>> in the database)
>>> Or is there another way of getting a keycloak cluster up and running on
>>> AWS when IP addresses are not known in advance?
>>>
>>> I hope there is a way… :)
>>>
>>> Kind regards,
>>> Christian
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user