[keycloak-user] Losing some sessions during clustering

Chris Hairfield chairfield at gmail.com
Thu Nov 3 13:36:11 EDT 2016 

Many thanks, John. This seems very likely. If there's no response from our
part, you may assume it's fixed.

Cheers,
Chris

On Thu, Nov 3, 2016 at 11:26 AM John Bartko <john.bartko at drillinginfo.com>
wrote:

> It sounds like sessions distributed-cache is not being replicated.
>
> From the Install/Config documentation on cache replication
> <https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.3/topics/cache/replication.html>:
> "By default, Keycloak only specifies one owner for data. So if that one
> node goes down that data is lost. This usually means that users will be
> logged out and will have to login again."
>
> jboss-cli snippet:
> /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners,
> value=2)
>
> Hope that helps,
> -John Bartko
>
> On Thu, Nov 3, 2016 at 12:08 PM, Chris Hairfield <chairfield at gmail.com>
> wrote:
>
> Hello Keycloak users,
>
> We're seeing strange behavior with the session handling when starting up a
> new node. Keycloak doesn't retain all sessions. Here's our experiment:
>
>    1. start with 1 node containing a few dozen sessions
>    2. start node 2 (nodes clustered via JGroups Ping table + infinispan)
>    3. wait for 10 minutes
>    4. stop node 1
>
> End result: *some* of the clients connected are forced to log back in. Most
>
>
> sessions remain.
>
> We're still investigating, so I cannot infer beyond this point at the
> moment. I'm simply curious whether anyone knows the following:
>
>    - are *all* sessions meant to be migrated to new nodes?
>    - how long does it take to migrate sessions?
>    - does a new node wait until sessions are migrated before it enables the
>    admin interface?
>    - is there any logic to prune sessions on clustering?
>
>
>
> Any thoughts would be greatly appreciated.
>
> Thanks,
> Chris
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>

More information about the keycloak-user mailing list