There is cluster (high availability) setting in 'keycloak by Quarkus' like 'legacy keycloak` #13600

WonJuneLee · 2022-08-07T15:14:29Z

WonJuneLee
Aug 7, 2022

Hi all.

I found documentation for HA cluster setup.

Looks like I need to set the cluster mode, ping and architecture.
But that's a legacy keycloak document.

So I looked for an option or guide for Quarkus Keycloak. But the only thing is a guide to caching.

Is Distributed Cache configuration the only clustering option?
Does Quarkus Keycloak run based on the ping of the connected DB, so no special setup is required?
If I turn off the cache, (even though I lost some performance)I don't need to set up clustering and I only need to attach one RDBMS table?

Sorry for the basic question, thanks for the answer

Answered by darius-m

Aug 7, 2022

I think I can answer the last question - at least in the legacy (WildFly) configuration, user sessions are not kept in the database at all; if the Infinispan cluster fails you will get inconsistent service configurations and dropped user sessions (e,g., if the Infinispan servers do not have any cache persistence configured, all users will have to re-authenticate if all Infinispan servers are restarted at the same time). Because of this, you cannot create a Keycloak cluster that does not rely on Infinispan to store data.

The database mostly keeps information about more permanent service configurations (e.g., user 2FA tokens, client configurations), but not all information is placed in the …

View full answer

darius-m · 2022-08-07T17:33:50Z

darius-m
Aug 7, 2022

I think I can answer the last question - at least in the legacy (WildFly) configuration, user sessions are not kept in the database at all; if the Infinispan cluster fails you will get inconsistent service configurations and dropped user sessions (e,g., if the Infinispan servers do not have any cache persistence configured, all users will have to re-authenticate if all Infinispan servers are restarted at the same time). Because of this, you cannot create a Keycloak cluster that does not rely on Infinispan to store data.

The database mostly keeps information about more permanent service configurations (e.g., user 2FA tokens, client configurations), but not all information is placed in the database.

1 reply

darius-m Aug 7, 2022

Hopefully someone will correct me if there is a way to not use caches at all; most issues that we have faced were caused by Infinispan nodes disconnecting from the cluster and likely creating a split brain.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is cluster (high availability) setting in 'keycloak by Quarkus' like 'legacy keycloak` #13600

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

There is cluster (high availability) setting in 'keycloak by Quarkus' like 'legacy keycloak` #13600

Uh oh!

WonJuneLee Aug 7, 2022

Replies: 1 comment · 1 reply

Uh oh!

darius-m Aug 7, 2022

Uh oh!

Uh oh!

darius-m Aug 7, 2022

WonJuneLee
Aug 7, 2022

Replies: 1 comment 1 reply

darius-m
Aug 7, 2022