[keycloak-user] Setting up KC 3.1.0 in a HA cluster

Gavin Howard gavtheman1 at gmail.com
Thu Nov 30 06:24:54 EST 2017


KC group,

I am currently in the process of deploying Keycloak (KC) at my firm in a
highly available cluster and I have been following your documentation here:

http://www.keycloak.org/docs/3.1/server_installation/topics/clustering.html

My setup is that I am using HAproxy (HAP) to provide the reverse proxy and
balancing component and two KC nodes behind it connecting to an Oracle
database. Previously I had KC working correctly as a single standalone node.

I have followed your documentation to ensure the client IP address is
forwarded correctly from HAP to my backend servers and confirmed this by
following the steps mentioned under "Verify Connection" here:

http://www.keycloak.org/docs/3.1/server_installation/topics/clustering/load-balancer.html

and also that the domain is correctly rendered in my equivalent of:
https://acme.com/auth/realms/master/.well-known/openid-configuration

Upon testing my cluster I get some quite strange behavior: upon entering
valid login credentials, I either get a message that my session has been
restarted as I was taking too long to log in, or I get passed around a
redirect loop. Either way the setup is not working as I expected.

The documentation goes on to describe multicast settings:
http://www.keycloak.org/docs/3.1/server_installation/topics/clustering/multicast.html
but it is not quite clear if this is needed in my setup.

Is it a requirement of ALL of the possible clustering configurations that
multicast is set and working between the nodes?

Or is it possible to set up the KC nodes as their own instances, without
knowledge of the other nodes, and have the load balancer stick the user
session to an individual node whilst authentication takes place? If so, how
can this be achieved?

Many thanks,
Gavin

