Hello all
Sorry if this matter was discussed before. I looked for something like that, but found nothing.
We have a scenario where we have a Keycloak, an NGINX proxy, four containers having a monolithic legacy Java application and one Redis to share session between the four nodes. All the containers have the same hostname. Our app uses KeycloakOIDCFilter for authentication. We have configured NGINX to rotate (round robin) between the app instances. As the app saves its session in Redis, the session is shared across all the nodes and all works well.
We decided to change the app authentication to Keycloak (authorization code), but we are experiencing some problems. When we call the app, KC shows its logon screen correctly, but when it sends the POST logon, we receive a 400 error.
In the logs, the problem occurs due to container rotation. When KC calls auth/realms/mycompany/protocol/openid-connect/token, the app receives an answer like this:
{"error":"invalid_grant","error_description":"Code not valid"}
If we shut down three nodes and leave only one, all works well.
What am I doing wrong? What's the best approach to solve this question?
Thanks for any help.
Walter