
2 keycloak nodes for active-active session management


Kobus Bensch

Dec 5, 2024, 8:46:43 AM
to Keycloak User
Hi

I have 2 kc 24.0.2 nodes and I want to set these up on a load balancer for roundrobin access. I have the LB and the RR working, but there is something wrong I think with my infinispan config. I do not think the session information is shared between the nodes.

I have now been battling with this, looking at so many websites and trying so many things, that I need to resort to asking you guys.

Can anybody please help?

Thank you

2 X Oracle Enterprise Linux 9.4

Here is my KC config on both nodes:
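# Keycloak 24.0.2 keycloak.conf, identical on both nodes.
# Hosts, paths and credentials are kept exactly as posted.

# --- Clustering ---------------------------------------------------------
# Use the Infinispan cluster cache with the custom cache definition file.
cache=ispn
cache-config-file=cache-ispn-tcpping.xml
# The value of cache-stack must name a <stack name="..."> that exists in
# cache-config-file. The original post had cache-stack=tcp, which selects the
# built-in "tcp" stack (MPING multicast discovery) instead of the custom
# "tcpping" stack that carries the static initial_hosts list; that is
# consistent with the posted symptom of two nodes that each work alone but do
# not share sessions. NOTE(review): when cache-stack is set it is expected to
# take precedence over the stack selected in the XML transport element, so it
# has to agree with the file.
cache-stack=tcpping

# --- Database -----------------------------------------------------------
db=postgres
db-username=keycloak
# Plain-text credential in a config file: prefer the KC_DB_PASSWORD
# environment variable (or a vault reference) and restrict file permissions.
db-password=password
db-url=jdbc:postgresql://db_server:5432/keycloak

# --- Hostname / TLS -----------------------------------------------------
# Public hostname as seen behind the round-robin load balancer.
hostname=sso.company.com
# Allows non-HTTPS URLs to be generated for the hostname; only keep this if
# TLS is terminated in front of Keycloak and the LB forwards the scheme.
hostname-strict-https=false
http-port=8080
http-relative-path=/auth
https-certificate-file=/etc/keycloak/conf/star.company.com_bundle.crt
https-certificate-key-file=/etc/keycloak/conf/star.company.com.key
https-port=8443

# --- Logging ------------------------------------------------------------
log=file
log-file=/var/log/keycloak/keycloak.log
log-file-format=%d{yyyy-MM-dd HH:mm:ss,SSS}
log-file-output=json

# --- Observability ------------------------------------------------------
# Health and metrics endpoints are served on the management interface;
# they should not be reachable through the public load balancer.
health-enabled=true
metrics-enabled=true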

My infinispan config looks like this:
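<!--
  Keycloak Infinispan cache definition for a two-node cluster using static
  TCP discovery (TCPPING). Identical on both nodes.

  The only behavioural change from the posted file is the stack="tcpping"
  attribute on <transport>: without it the cache container does not reference
  the custom stack defined in <jgroups>, and the nodes fall back to the
  default discovery mechanism. NOTE(review): a cache-stack value set in
  keycloak.conf is expected to take precedence over this attribute, so it must
  either be unset or also be "tcpping".

  The xsi:schemaLocation URL is an identifier/hint for tooling; a validator
  should not be allowed to fetch it at runtime from an untrusted document.
-->
<infinispan
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:infinispan:config:14.0 http://www.infinispan.org/schemas/infinispan-config-14.0.xsd"
        xmlns="urn:infinispan:config:14.0">

    <jgroups>
        <!-- Custom stack: the built-in "tcp" stack with its multicast MPING
             discovery protocol replaced by TCPPING and a static member list. -->
        <stack name="tcpping" extends="tcp">
            <TCP bind_port="7800" />
            <!-- port_range="0" means only port 7800 is probed on each host.
                 NOTE(review): the plain tcp stack carries cluster traffic
                 unencrypted; rely on network isolation between the two nodes
                 or add a JGroups encryption protocol to the stack. -->
            <TCPPING initial_hosts="172.16.2.101[7800],172.16.2.102[7800]"
                port_range="0"
                stack.combine="REPLACE"
                stack.position="MPING"/>
        </stack>
    </jgroups>

    <cache-container name="keycloak">
        <!-- Bind the container to the custom stack above (see header note). -->
        <transport lock-timeout="60000" stack="tcpping"/>
        <metrics names-as-tags="true" />

        <!-- Per-node local caches; invalidation across nodes is driven by the
             replicated "work" cache below. -->
        <local-cache name="realms" simple-cache="true">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <memory max-count="10000"/>
        </local-cache>
        <local-cache name="users" simple-cache="true">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <memory max-count="10000"/>
        </local-cache>

        <!-- Session-related caches are distributed with owners="2"; with
             exactly two nodes every entry lives on both, so either node can
             serve a request that the load balancer routes to it.
             lifespan="-1" disables cache-level expiry; Keycloak manages
             session lifetimes itself. -->
        <distributed-cache name="sessions" owners="2">
            <expiration lifespan="-1"/>
        </distributed-cache>
        <distributed-cache name="authenticationSessions" owners="2">
            <expiration lifespan="-1"/>
        </distributed-cache>
        <distributed-cache name="offlineSessions" owners="2">
            <expiration lifespan="-1"/>
        </distributed-cache>
        <distributed-cache name="clientSessions" owners="2">
            <expiration lifespan="-1"/>
        </distributed-cache>
        <distributed-cache name="offlineClientSessions" owners="2">
            <expiration lifespan="-1"/>
        </distributed-cache>
        <!-- Brute-force detection state must be cluster-wide, otherwise each
             node counts failed logins separately. -->
        <distributed-cache name="loginFailures" owners="2">
            <expiration lifespan="-1"/>
        </distributed-cache>

        <local-cache name="authorization" simple-cache="true">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <memory max-count="10000"/>
        </local-cache>

        <!-- Replicated to every node; used for cross-node invalidation
             messages. -->
        <replicated-cache name="work">
            <expiration lifespan="-1"/>
        </replicated-cache>

        <!-- Key material cache: idle entries are dropped after 3600000 ms. -->
        <local-cache name="keys" simple-cache="true">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <expiration max-idle="3600000"/>
            <memory max-count="1000"/>
        </local-cache>

        <!-- Action tokens (e.g. one-time links) must be visible on both nodes;
             the expiration reaper runs every 300000 ms, no size bound. -->
        <distributed-cache name="actionTokens" owners="2">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <expiration max-idle="-1" lifespan="-1" interval="300000"/>
            <memory max-count="-1"/>
        </distributed-cache>
    </cache-container>
</infinispan>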

I also have this in my quarkus.properties file:
quarkus.transaction-manager.enable-recovery=true

Kobus Bensch

Dec 5, 2024, 8:57:13 AM
to Keycloak User
The errors I am getting are:
{
  "timestamp": "2024-12-05T13:54:45.511588492Z",
  "sequence": 9925127,
  "loggerClassName": "org.jboss.logging.Logger",
  "loggerName": "org.keycloak.events",
  "level": "WARN",
  "message": "type=\"CODE_TO_TOKEN_ERROR\", realmId=\"d8f93cbd-72b0-48c3-9621-dffd0cb0058e\", clientId=\"nagios\", userId=\"null\", ipAddress=\"172.16.2.106\", error=\"invalid_code\", grant_type=\"authorization_code\", code_id=\"26360c10-dcd7-414b-9e2a-37570dc11f5b\", client_auth_method=\"client-secret\"",
  "threadName": "executor-thread-122",
  "threadId": 131468,
  "mdc": {},
  "ndc": "",
  "hostName": "offiikck002.internal.company.com",
  "processName": "QuarkusEntryPoint",
  "processId": 218527
}

Kobus Bensch

Dec 5, 2024, 8:58:25 AM
to Keycloak User
If I only have one of the servers started, it always works as it should, but as soon as both nodes are in the LB I get the above error.

Kobus Bensch

Dec 9, 2024, 7:20:59 AM
to Keycloak User
Is anybody able to help me with this please?

Kobus Bensch

Dec 9, 2024, 10:57:29 AM
to Keycloak User
No help required. Problem has been resolved.