[keycloak-user] running multiple instances without clustering
Sam Davis
sam.davis at tasktop.com
Mon Jun 5 12:43:15 EDT 2017
Thanks for the response. What would happen if someone logs into the backup
instance and tries to change the configuration (e.g. adding users) while
someone else is making configuration changes on the primary instance?
--
Sam Davis
Senior Software Engineer, Tasktop
Committer, Eclipse Mylyn
http://tasktop.com
On Mon, May 29, 2017 at 6:45 PM, Bill Burke <bburke at redhat.com> wrote:
> If you do not load balance, but instead just have a hot backup, this
> will work so long as its ok that somebody has to relogin. If you do
> load balance, then this will not work because OIDC has non-browser
> requests ( code-to-token and refresh token).
>
>
> On 5/29/17 8:37 PM, Sam Davis wrote:
> > Hi,
> >
> > I understand that Keycloak supports clustering, but I am wondering if it
> is
> > possible to run multiple instances of Keycloak using the same
> configuration
> > database *without* using clustering, i.e. using the standalone
> > <https://keycloak.gitbooks.io/documentation/server_
> installation/topics/operating-mode/standalone.html>
> > operating mode.
> >
> > It looks like the only difference between this and using the standalone
> > clustered mode is that the caches will not be synchronized between the
> > instances. I understand that it could cause some weird behaviour with
> user
> > sessions (e.g. a user logs out on one instance but is still logged in on
> > another, or vice versa). Would it cause any more serious problems (e.g.
> > corrupt configuration database) or create security vulnerabilities?
> >
> > The use case is that my application bundles Keycloak and the application
> > and Keycloak run on the same server. If the server goes down, another
> > instance of the application on another server will take over, and that
> > instance will redirect users to another keycloak instance running on that
> > server. So I don't really need clustering, since normally only a single
> > Keycloak instance will actually be used at a time and will only be used
> by
> > a single application.
> >
> > Thanks,
> > Sam
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list