[keycloak-user] Setting up a Keycloak Domain Cluster
Stian Thorgersen
sthorger at redhat.com
Tue Sep 20 04:03:09 EDT 2016
Doesn't sound like you have a working clustering setup. Please take a look at
https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering.html
On 18 September 2016 at 04:15, i.pop at centurylink.net <i.pop at centurylink.net>
wrote:
> Hi,
> I work on a POC to use Keycloak to secure a set of microservices (Java-written
> Spring Boot & Gradle projects).
> I use the Keycloak-2.1.0.Final release installed on 3 different VMs (master
> running on VM1, slave1 on VM2, slave2 on VM2). On a 4th VM I have
> installed a shared (MySQL) db to replace the embedded H2 db.
> I have configured a Keycloak Domain Mode cluster using the Keycloak
> documentation "Server Installation and Configuration Guide".
> 1. I have logged on to the master Keycloak server and configured my new realm
> that has my microservice processes as clients. I have added
> roles, users, groups, etc. The realm configuration of the master Keycloak
> instance got replicated on the slave instances (I can see the cluster
> running when logging on to the WildFly Management Interface).
> 2. I have added to all microservice Java projects the Keycloak securing
> code:
> 2.1 Created a keycloak.json file whose content was generated by the
> MASTER Keycloak server (Client's "Installation" utility)
> 2.2 Added to the project's Application class a system property, to
> target the keycloak.json file generated by the MASTER Keycloak
> instance:
> System.setProperty("keycloak.configurationFile", "classpath:keycloak.json");
> 2.3 Created a new config package class: public class SecurityConfig
> extends KeycloakWebSecurityConfigurerAdapter
> 2.4 Added to the build.gradle file the Keycloak Spring Security adapter
> compilation:
> compile group: 'org.keycloak', name: 'keycloak-spring-security-adapter', version: '2.1.0.Final'
> Note. I have compared the content of the JSON format code generated by
> the Client "Installation" utility of the slave instances against the master
> instance and THE ONLY DIFFERENCE is the "auth-server-url" line (having
> the specific node URL address).
> 3. Now, I want to do the test of accessing particular resources of my
> microservice applications (additional info: I did not implement any
> load balancer in front of the Keycloak cluster):
> I have created a simple Java program that uses a Basic Authorization
> procedure to get an access token, and then uses this token to send request
> messages to my microservice application and get the expected response
> messages.
> - When I use the MASTER instance's authorization endpoint to get an
> access token, I get the expected response message (because, I presume, my
> microservice application's attached keycloak.json file has HARDCODED content
> generated by the MASTER instance & containing the MASTER's authorization
> endpoint).
> - When I use either SLAVE Keycloak instance's authorization & token
> generation endpoint to generate an access token, my request fails with a
> 401 error: "Unable to authenticate bearer token"
> I believe or feel I use a wrong approach to solve my problem. My
> microservice applications (at this time) DO NOT KNOW anything about whether I
> use a domain mode cluster or a simple standalone Keycloak
> instance (attached keycloak.json file has ONLY one Keycloak instance
> (MASTER's) "auth-server-url" info).
> Here, I need your help to enlighten me. Is there another approach to
> handle my problem? It should, otherwise why writing about Domain Mode in
> Keycloak Release documentation. Unfortunately, I have not found (yet )
> detailed info on how to configure a Keycloak Domain Cluster and how to do
> test simulations with it. I would appreciate any help on this issue.
> Thanks,
> Ioan
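An added diagnostic for the 401 described in the thread, not part of the original messages and not Keycloak code: it reads a bearer token's `iss` claim without verifying the signature and compares it with the realm URL built from the adapter's keycloak.json. It assumes the issuer has the form `<auth-server-url>/realms/<realm>` and that the adapter rejects a token whose issuer differs; the host names, realm, client name and tokens below are constructed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_issuer(token: str) -> str:
    """Return the `iss` claim. The signature is NOT checked: diagnostic use only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    return claims.get("iss", "")


def expected_issuer(adapter_config: dict) -> str:
    # Assumption: the adapter expects <auth-server-url>/realms/<realm> as issuer.
    base = adapter_config["auth-server-url"].rstrip("/")
    return base + "/realms/" + adapter_config["realm"]


def diagnose(token: str, adapter_config: dict) -> dict:
    got, want = token_issuer(token), expected_issuer(adapter_config)
    return {"token_iss": got, "expected_iss": want, "match": got == want}


def make_sample_token(issuer: str) -> str:
    # Constructed, unsigned sample token; a real one comes from the token endpoint.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"iss": issuer}), "c2ln"])


# Constructed stand-in for the keycloak.json generated on the master node.
ADAPTER_CONFIG = {
    "realm": "demo",
    "auth-server-url": "http://kc-master.example.test:8080/auth",
    "resource": "orders-service",
}
MASTER_TOKEN = make_sample_token("http://kc-master.example.test:8080/auth/realms/demo")
SLAVE_TOKEN = make_sample_token("http://kc-slave1.example.test:8080/auth/realms/demo")

if __name__ == "__main__":
    for node, tok in (("master", MASTER_TOKEN), ("slave1", SLAVE_TOKEN)):
        print(node, diagnose(tok, ADAPTER_CONFIG))
```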