[keycloak-user] Unable To Use Refresh Token

Sagar Ahire sagarahire at arvindinternet.com
Thu Mar 9 00:41:54 EST 2017


I tried with standalone-ha.xml, still facing the same issue.

regards,
 -Sagar

On Tue, Mar 7, 2017 at 7:50 PM, Hynek Mlnarik <hmlnarik at redhat.com> wrote:

> Depending on your setup, you should be using either standalone-ha.xml
> or standalone-full-ha.xml to run in cluster.
>
> --Hynek
>
> On Tue, Mar 7, 2017 at 2:52 PM, Sagar Ahire
> <sagarahire at arvindinternet.com> wrote:
> > I'm using the standard Keycloak 2.4.0 docker image. I modified the
> > standalone.xml in the docker file. I've increased the owners count to 4.
> > Following are the tags I changed in *standalone.xml*.
> > <distributed-cache name="sessions" mode="SYNC" owners="4"/>
> > <distributed-cache name="offlineSessions" mode="SYNC" owners="4"/>
> > <distributed-cache name="loginFailures" mode="SYNC" owners="4"/>
> > <distributed-cache name="authorization" mode="SYNC" owners="4"/>
> >
> > But still facing the same issue. Is standalone.xml the correct file I
> > need to change? Or am I missing something here?
> >
> >
> > regards,
> >  -Sagar
> >
> > On Mon, Mar 6, 2017 at 7:31 PM, Andrew Zenk <azenk at umn.edu> wrote:
> >
> >> Have you increased the owner count for the various caches to something
> >> greater than 1?
> >>
> >> On Mar 6, 2017 7:56 AM, "Sagar Ahire" <sagarahire at arvindinternet.com>
> >> wrote:
> >>
> >>> Hello,
> >>>
> >>> I've deployed Keycloak 2.4.0 in a Kubernetes environment. While
> >>> refreshing the access token I'm getting the following response:
> >>> {'error': 'invalid_grant', 'error_description': 'Client session not active'}.
> >>>
> >>> Here is what I did:
> >>> Step1: First, I generated three access tokens and refresh tokens
> >>> (rf1,rf2,rf3), then I used these refresh_tokens to refresh the access
> >>> tokens. I got the access tokens successfully for all three requests.
> >>> (Successful scenario)
> >>>
> >>> Step2: I restarted some of the pods from the Keycloak cluster and tried
> >>> to refresh the access tokens using the same refresh tokens (rf1,rf2,rf3)
> >>> again. Using rf1 I could refresh the access token, but using rf2,rf3 I got
> >>> the response mentioned above ('client session not active'). I made sure
> >>> rf2 and rf3 are not expired.
> >>>
> >>> I'm unable to use the refresh token even though it is not expired. I
> >>> suspect the session created on one pod is not properly shared between all
> >>> the members of the cluster and I'm losing the session if one of my pods is
> >>> restarted or goes down.
> >>>
> >>> Can someone please suggest any solution for this? Any help would be
> >>> greatly appreciated.
> >>>
> >>>
> >>>
> >>>
> >>> regards,
> >>>  -Sagar
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>
> >>
>
>
>
> --
>
> --Hynek
>
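
Added example, not part of the original thread and not Keycloak project code: a small check that reads a WildFly-style config file and reports which of the four caches named in the thread are not declared as distributed, or are declared with fewer than two owners, the two conditions the replies ask about. The SAMPLE document, the function names and the min_owners threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Caches the thread lists as the ones whose owners count was changed.
SESSION_CACHES = {"sessions", "offlineSessions", "loginFailures", "authorization"}

# Constructed sample (not a real Keycloak file): a trimmed Infinispan subsystem.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:infinispan:4.0">
      <cache-container name="keycloak">
        <local-cache name="realms"/>
        <local-cache name="authorization"/>
        <distributed-cache name="sessions" mode="SYNC" owners="1"/>
        <distributed-cache name="offlineSessions" mode="SYNC" owners="4"/>
        <distributed-cache name="loginFailures" mode="SYNC"/>
      </cache-container>
    </subsystem>
  </profile>
</server>"""

def local_name(tag):
    """Strip the XML namespace so the check does not depend on the schema version."""
    return tag.rsplit("}", 1)[-1]

def audit_session_caches(xml_text, min_owners=2):
    """Return {cache name: finding} for caches that keep a single copy of an entry."""
    findings, seen = {}, set()
    for el in ET.fromstring(xml_text).iter():
        kind, name = local_name(el.tag), el.get("name")
        if name not in SESSION_CACHES or not kind.endswith("-cache"):
            continue
        seen.add(name)
        owners = el.get("owners")
        if kind in ("local-cache", "invalidation-cache"):
            findings[name] = f"{kind}: entries are not copied to other nodes"
        elif kind == "distributed-cache" and owners is None:
            findings[name] = "owners not set: server default applies, verify it"
        elif kind == "distributed-cache" and int(owners) < min_owners:
            findings[name] = f"owners={owners}: entry is lost when its node restarts"
    for name in sorted(SESSION_CACHES - seen):
        findings[name] = "cache not defined in this file"
    return findings

if __name__ == "__main__":
    for cache, finding in sorted(audit_session_caches(SAMPLE).items()):
        print(f"{cache}: {finding}")
```

Run it against the file the server is actually started with, since the thread's open question is whether the edited file is the one in use.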

