[keycloak-user] Setting up a Keycloak Domain Cluster

Stian Thorgersen sthorger at redhat.com
Tue Sep 20 04:03:09 EDT 2016


Doesn't sound like you have working clustering setup. Please take a look at
https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering.html
.

On 18 September 2016 at 04:15, i.pop at centurylink.net <i.pop at centurylink.net>
wrote:

> Hi ,
> I work on a POC to use Keycloak to secure a set of microservices (Java
> written Spring Boot & Gradle projects).
> I use Keycloak-2.1.0.Final release installed on 3 different VMs(master
> running on VM1, slave1 on VM2, slave2 on VM2). On a 4th VM I have
> installed a shared (MySql) db to replace the embedded H2 db.
> I have configured a Keycloak Domain Mode cluster using keycloak
> documentation "Server Installation and Configuration Guide".
> 1. I have logged on the master keycloak server and configured my new Realm
> that has my microservice processes  as clients.I have added
> roles,users,groups, etc., The realm configuration of the master keycloak
> instance got replicated on the slave instances (I can see the cluster
> running when logging on to the WildFly Management Interface).
> 2. I have added to all microservice java projects the  keycloak securing
> code:
>     2.1 Created a keycloak.json file whose content was generated by the
> MASTER keycloak server (Client's "Installation" utility)
>     2.2 Added to the  project's Application class a  system property, to
> target the keycloak.json file generated by the MASTER keycloak
> instance:System.setProperty("keycloak.configurationFile",
> "classpath:keycloak.json");
>     2.3 Created a new config's package class : public class SecurityConfig
> extends KeycloakWebSecurityConfigurerAdapter
>     2.4  Added to the build.gradle file keycloak spring security adapter
> compilation :
>            compile group: 'org.keycloak', name: 'keycloak-spring-security-adapter', version: '2.1.0.Final'
>   Note. I have compared the content of the json format code generated by
> the Client "Installation" utility of the slave instances against master
> instance and, THE ONLY DIFFERENCE is the "auth-server-url" line (having
> the specific node URL address)
> 3. Now, I want to do the test of accessing particular resources of my
> microservice applications (additional info: I did not implement any
> load-balancer in front of the keycloak cluster):
>      I have created a simple java program that uses a Basic Authorization
>  procedure to get an access token, and then use this token to send request
> messages to my microservice application and get the expected response
> messages.
>    - When I use the MASTER's instance authorization endpoint to get an
> access token, I get the expected response message( because, I presume,  my
> microservice application attached  keycloak.json file has HARDCODED content
>  generated by the MASTER's instance & containing MASTER's authorization
> endpoint).
>     - When I use either-one SLAVE keycloak instance authorization&token
> generation endpoint to generate an access token, my request  fails with a
> 401 error:"Unable to authenticate bearer token"
> I believe or feel, I use a wrong approach to solve my problem. My
> microservice applications (at this time)  DO NOT KNOW anything, whether I
> use a domain mode cluster  or, a simple standalone keycloak
> instance (attached keycloak.json file has ONLY one keycloak instance
> (MASTER's) "auth-server-url" info).
> Here, I need your help to enlighten me. Is there another approach to
> handle my problem? It should, otherwise why writing about Domain Mode in
> Keycloak Release documentation. Unfortunately, I have not found (yet )
>  detailed  info on how to configure a Keycloak Domain Cluster and how to do
> test simulations with it. I would appreciate any help on this issue.
> Thanks,
> Ioan
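A diagnostic for the 401 described in the quoted message, as an added example that is not part of the original thread or of Keycloak's own code: it reads the `iss` claim of a bearer token (without verifying the signature) and compares it with the realm URL built from `auth-server-url` and `realm` in keycloak.json. It assumes the adapter rejects a token whose issuer differs from that URL; host names, realm name and tokens below are constructed.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_issuer(token: str) -> str:
    """Return the `iss` claim of a JWT. Diagnostic only: signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1])).get("iss", "")


def expected_issuer(adapter_config: dict) -> str:
    """Realm URL derived from keycloak.json: <auth-server-url>/realms/<realm>."""
    base = adapter_config["auth-server-url"].rstrip("/")
    return base + "/realms/" + adapter_config["realm"]


def issuer_matches(token: str, adapter_config: dict) -> bool:
    return token_issuer(token) == expected_issuer(adapter_config)


def _fake_token(iss: str) -> str:
    # Constructed, unsigned sample token; the signature segment is a dummy value.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}),
                     enc({"iss": iss, "typ": "Bearer"}), "c2ln"])


# Constructed sample data: vm1 stands for the master node, vm2 for a slave node.
KEYCLOAK_JSON = {"realm": "demo", "auth-server-url": "http://vm1.example:8080/auth"}
MASTER_TOKEN = _fake_token("http://vm1.example:8080/auth/realms/demo")
SLAVE_TOKEN = _fake_token("http://vm2.example:8080/auth/realms/demo")

if __name__ == "__main__":
    for name, tok in (("master", MASTER_TOKEN), ("slave", SLAVE_TOKEN)):
        print(name, "iss =", token_issuer(tok),
              "| expected =", expected_issuer(KEYCLOAK_JSON),
              "| match =", issuer_matches(tok, KEYCLOAK_JSON))
```

A mismatch here means the token was issued under a different base URL than the one in the application's keycloak.json; a match means the rejection has another cause.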