[keycloak-user] Update account - login action tokens - how to make them persistent

Edgar Vonk - Info.nl Edgar at info.nl
Tue Mar 1 14:56:23 EST 2016 

Hi all,

What would we need to do to make Keycloak user sessions persistent in the database?

I think the information in: http://lists.jboss.org/pipermail/keycloak-user/2015-April/001921.html <http://lists.jboss.org/pipermail/keycloak-user/2015-April/001921.html> is not relevant anymore with Keycloak 1.9.0? Specifically:

"userSessions": {
        "provider": "jpa"
    }

Does not seem to work (“Failed to find provider jpa for userSessions”). User sessions are now managed using Infinispan by default if I understand correctly: http://keycloak.github.io/docs/userguide/keycloak-server/html/clustering.html#d4e3292 <http://keycloak.github.io/docs/userguide/keycloak-server/html/clustering.html#d4e3292> ?

Is there a way to make user sessions persistent?

Our issue is that we send out a lot of activation (‘update password’) emails from our (single) Keycloak server to new users and since we have a continuous delivery pipeline Keycloak does down and up quite a bit and every time it restarts all temporary log in tokens used for these update password actions are lost (since they are stored in memory only). And if I understand correctly these tokens are actually a sort of user sessions.

cheers

Edgar


> On 29 Feb 2016, at 17:52, Edgar Vonk - Info.nl <Edgar at info.nl> wrote:
> 
> Hi,
> 
> See if I understand this correctly: in the default set up of Keycloak sessions and temporary tokens are not persisted in the Keycloak database? So consider this scenario:
> 
> 1/ login as admin to master realm
> 2/ go to Users - Credentials and send a ‘Update Password’ reset action email
> 3/ user receives an email with a link with a unique token to update his/her password in Keycloak
> 4/ Keycloak server is restarted for whatever reason
> 5/ the temporary ‘login action token’ no longer exists and the link from 3/ no longer works
> 
> Is this correct and expected behaviour?
> 
> And if so, can somebody maybe point us in the direction to solve this? I.e. by making sessions/tokens by persistent I guess.
> 
> cheers
> 
> Edgar

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160301/1b8dbb9c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160301/1b8dbb9c/attachment.bin

More information about the keycloak-user mailing list