Keycloak + Infinispan cache in more depth

Ben Shaver

Jan 27, 2022, 11:44:19 AM
to Keycloak Dev

Hey, I'm working on a cross-DC deployment of Keycloak with JDG as the remote Infinispan server.

After following the documentation, I saw that on the Infinispan server (infinispan.xml) I should configure a template of the replicated cache type for all of the caches (work, session, ...).
But in domain.xml in Keycloak, for each cache I can configure the distributed cache type (not recommended for the 'work' cache).

So my question is: how does it work when in Keycloak I configure a distributed cache but in Infinispan I configure a replicated cache?

Here is the template for JDG:
```
<cache-container ... >
    <replicated-cache-configuration name="sessions-cfg"
                                    mode="SYNC">
        <locking acquire-timeout="0" />
        <backups>
            <backup site="site2" strategy="SYNC" />
        </backups>
    </replicated-cache-configuration>
</cache-container>
```

And here is an example from domain.xml:

```
<distributed-cache name="sessions"
                   owners="1">
    <remote-store cache="sessions"
                  remote-servers="remote-cache"
                  passivation="false"
                  fetch-state="false"
                  purge="false"
                  preload="false"
                  shared="true">
        <property name="rawValues">true</property>
        <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
        <property name="infinispan.client.hotrod.auth_username">myuser</property>
        <property name="infinispan.client.hotrod.auth_password">qwer1234!</property>
        <property name="infinispan.client.hotrod.auth_realm">default</property>
        <property name="infinispan.client.hotrod.auth_server_name">infinispan</property>
        <property name="infinispan.client.hotrod.sasl_mechanism">SCRAM-SHA-512</property>
        <property name="infinispan.client.hotrod.trust_store_file_name">/path/to/truststore.jks</property>
        <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
        <property name="infinispan.client.hotrod.trust_store_password">password</property>
    </remote-store>
</distributed-cache>
```

For example, what happens if I set a distributed cache with 2 owners? (Considering I have more than 2 nodes in both Keycloak clusters)
