[keycloak-user] Not able to setup Keycloak to fully replicate user sessions in cluster

Stian Thorgersen sthorger at redhat.com
Fri Jun 9 00:58:27 EDT 2017


Your configuration is not correct and seems to be from an older version of
Keycloak. Please take a look at default standalone-ha.xml from 3.1 for the
correct cache configs.

You also need to get cluster communication working properly. Make sure the
nodes see each other. When you start new nodes something should happen in
the log in other nodes. In a cloud environment this can be tricky (you
haven't said which one) as multicasting usually doesn't work and you need
to use a different discovery protocol.

On 7 June 2017 at 16:17, Jyoti Kumar Singh <jyoti.tech90 at gmail.com> wrote:

> Hi Team,
>
> We are setting up keycloak:3.1.0.Final in a cluster mode for HA with full
> user sessions replication in a cloud system, i.e. when one node goes down
> then user will keep logged in on other node.
>
> I have set up the cluster by using standalone-ha.xml and having infinispan cache
> as mentioned below:-
>
> <cache-container name="keycloak" jndi-name="infinispan/Keycloak">
>                 <transport lock-timeout="60000"/>
>                 <invalidation-cache name="realms" mode="SYNC"/>
>                 <invalidation-cache name="users" mode="SYNC"/>
>                 <distributed-cache name="sessions" mode="SYNC" owners="2"/>
>                 <distributed-cache name="loginFailures" mode="SYNC" owners="2"/>
> </cache-container>
>
> Everything works fine except below use case:-
>
> 1. Node 1 and Node 2 both are up and user logged in - User session is
> getting generated by Node 1
> 2. Node 1 is now stopped and user session is getting replicated in Node 2 -
> User is still able to use the Keycloak console
> 3. Node 1 is up again and request is being transferred from LB to Node 1 -
> User is asked to log in again because session cache is not replicated to
> Node 1 immediately once it is up
>
> I saw one option to add *start="EAGER"* in cache-container to fix this but
> looks like with latest version of WildFly it is no longer supported. Do we
> have any other way to fix this issue?
>
>
> --
>
> *With Regards, Jyoti Kumar Singh*
>
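
One way to run the "do the nodes see each other" check from the reply above against a server log, as an added example that is not part of the original thread. It assumes the Infinispan ISPN000094 cluster-view message format; the log lines, timestamps and node names are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample log lines modelled on Infinispan's ISPN000094 message
# (assumed format; timestamps, channel and node names are made up).
NODE2_LOG = """\
10:01:02,100 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-3) ISPN000094: Received new cluster view for channel keycloak: [node1|1] (2) [node1, node2]
10:05:40,512 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (Incoming-2,ee,node2) ISPN000094: Received new cluster view for channel keycloak: [node2|2] (1) [node2]
10:09:13,007 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (Incoming-4,ee,node2) ISPN000094: Received new cluster view for channel keycloak: [node2|3] (2) [node2, node1]
"""
# A node that never discovered its peer (e.g. multicast blocked) only logs itself.
ISOLATED_LOG = """\
10:01:02,100 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-3) ISPN000094: Received new cluster view for channel keycloak: [node1|0] (1) [node1]
"""

VIEW_RE = re.compile(
    r"ISPN000094: Received new cluster view for channel ([^:\s]+): "
    r"\[([^|\]]+)\|(\d+)\] \((\d+)\) \[([^\]]*)\]"
)

def cluster_views(log_text):
    """Return every cluster view recorded in the log, in order."""
    views = []
    for line in log_text.splitlines():
        m = VIEW_RE.search(line)
        if not m:
            continue
        members = [n.strip() for n in m.group(5).split(",") if n.strip()]
        views.append({"channel": m.group(1), "coordinator": m.group(2),
                      "view_id": int(m.group(3)), "members": members})
    return views

def unseen_nodes(log_text, expected_nodes):
    """Expected nodes that never appeared in any view: discovery is not working."""
    seen = set()
    for view in cluster_views(log_text):
        seen.update(view["members"])
    return sorted(set(expected_nodes) - seen)

if __name__ == "__main__":
    for v in cluster_views(NODE2_LOG):
        print(v["view_id"], v["members"])
    print("never seen:", unseen_nodes(ISOLATED_LOG, ["node1", "node2"]))
```

A healthy log shows the member list shrinking when a node stops and growing again when it restarts; a node that only ever lists itself has not joined the cluster.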

