[keycloak-user] Is clustering required?

John D. Ament john.d.ament at gmail.com
Wed Aug 3 22:43:41 EDT 2016 

In our environment, we've seen sticky sessions fail in ~5% of requests.  We
generally avoid it.  I'll play around with the clustering to see how it
works.

On Wed, Aug 3, 2016 at 7:50 PM Bill Burke <bburke at redhat.com> wrote:

> you don't need session replication, just load balancer sticky sessions.
> Basically the HTTP load balancer sets a cookie when you visit for the first
> time.  Based on that cookie the load balancer knows which machine you are
> "stuck" on and will continually route the browser to that same machine.
>
> On 8/3/16 7:04 PM, John D. Ament wrote:
>
> Mmmph ok.  Do you know how quickly sessions replicate now?  Last time I
> did this it was about a minute which didn't perform well for me.  This is
> going back at least 6 years though.
>
> On Aug 3, 2016 18:50, "Bill Burke" <bburke at redhat.com> wrote:
>
>> I think SAML would be ok so long as you have sticky sessions enabled with
>> your load balancer.
>>
>> On 8/3/16 6:07 PM, John D. Ament wrote:
>>
>> Thanks Bill.  What if I'm primarily using SAML? Same session issue?
>>
>> John
>>
>> On Wed, Aug 3, 2016 at 5:17 PM Bill Burke <bburke at redhat.com> wrote:
>>
>>> It is required.  The auth code flow for OAuth is an out of band HTTP
>>> request so you may be loadbalanced to a machine that doesn't have the user
>>> session.  We have "sticky sessions" for out of band requests like this
>>> planned, but not implemented yet.
>>>
>>> On 8/3/16 4:55 PM, John D. Ament wrote:
>>>
>>> Hey,
>>>
>>> I was wondering, is clustering actually required on the keycloak server
>>> if I have multiple deployed? Or will it read data from the database?
>>>
>>> John
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160804/b6f4f72c/attachment-0001.html

More information about the keycloak-user mailing list