[keycloak-user] KeyCloak access tokens not being cached

Michael Olshansky macmike at gmail.com
Fri Mar 3 20:14:24 EST 2017


I have set up a keycloak cluster and generate tokens via
/auth/realms/master/protocol/openid-connect/token.

The problem is that an access token can only be used to perform subsequent
requests on the SAME SERVER that issued the token. Attempts to make a
request (e.g., /auth/admin/realms/master) on another server in the cluster
result in a response of "Bearer" and an error in that server's log.

Shouldn't the access tokens be available across the cluster?

As a side note, the refresh tokens DO appear to be cached, so caching does
appear to be working on some level.

As a second question: What data is stored in the session and authentication
caches? How does this relate to the access and refresh tokens?

