[keycloak-user] Cross-site DB Replication Question
Hossein Doutaghy
hossein.doutaghy at gmail.com
Tue Oct 29 16:48:04 EDT 2019
Hi,
We have 2 geo-redundant sites with Keycloak installed in standalone-ha
mode. Each site has its own Galera cluster, and MariaDB replication is
happening between the two sites.
Keycloak uses a few URLs which are specific to a single site, for example
the *Base URL* which Keycloak redirects the user to once the
authentication is successful. The syntax of the *Base URL* is:
https://<SITE_VIP>:8443/servicemanager
What we have noticed is that, since the entire MariaDB data gets
replicated from Site A to Site B, so does the above Base URL, because of
which, when we access the service manager client on Site B that is
protected by Keycloak B, it redirects us to the service manager client in
Site A in case of successful authentication. In other words, in both the
service manager clients in Keycloak server A and B, i.e. 10.88.9.74 and
10.88.9.64, the base URL is the same, and when we change the base URL on
any one of the sites, it gets replicated to the other one. (This can be
seen upon clearing the realm cache.)
How can we prevent this data from being replicated, as it is more
site-specific? Is it safe to just exclude the CLIENT table in the database
from the replication by using the MariaDB selective replication technique?
Thanks,
Moe