[keycloak-user] Logout in cluster environments

Marek Posolda mposolda at redhat.com
Fri Jan 20 03:17:32 EST 2017


This is supposed to work for Keycloak OIDC clients, and some docs are here:
https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/application-clustering.html

I don't know about Keycloak SAML clients. Is it an alternative for you 
to try OIDC instead of SAML?

Marek

On 20/01/17 08:19, Pulkit Gupta wrote:
> Hi All,
>
> I am running multiple applications deployed on a Jboss cluster with
> infinispan used as a cache and for distributed sessions.
> I verified and can see that session replication is working for a normal
> application where I can see the same session on all the servers in the
> cluster and hence the application is working fine without session
> stickiness.
>
> However when I am trying to use any Keycloak SAML client based application
> it is only working if the request is going to a particular box in the
> cluster. On all the other boxes we are getting errors.
> From this behavior I am concluding that somehow for Keycloak based
> applications sessions are not getting replicated.
> Both these applications have the <distributable /> tag in them so I am not sure
> why it is showing different behaviour.
>
> I know we can fix this by just enabling session stickiness but we want the
> sessions to be replicated as well.
> This is because we want to make our set up more resilient. Also in case of
> logout when Keycloak is sending a back channel logout request it may send
> it to any server in the cluster.
> If the sessions are not properly replicated then the logout will fail as
> the session will remain preserved on some other server in the cluster.
>
> Can someone please suggest something to try?
>


