There are two servers with Keycloak version 24.0.2 installed, and they are configured to share cache through Infinispan. These two servers are behind an L4 load balancer and use a VIP for load balancing. The web application checks the token, and if it is invalid or missing, it calls the Keycloak login page. The issue is that the login page directly calls node 1 via the domain for client login, but after login, the web server checks the session authentication with Keycloak by calling node 2. It seems that an error occurs because node 2 does not have the session information. Could you please review my configuration?
db=mssql
db-username=${DATABASE_USER_NAME}
db-password=${DATABASE_USER_PASSWORD}
db-driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
db-url=jdbc:sqlserver://${DATABASE_IP}:${DATABASE_PORT};database=KEYCLOAK;trustServerCertificate=true;encrypt=true
transaction-xa-enabled=false
hostname=${HOSTNAME}
http-port=8080
http-enabled=true
https-port=${HTTPS_PORT}
https-certificate-file=${FILE_PATH}
https-certificate-key-file=${KEY_PATH}
cache=ispn
cache-config-file=keycloak-cache.xml
jgroups.stack=jdbc-ping
proxy=edge
log=file
log-level=DEBUG
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2019 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<infinispan
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:infinispan:config:14.0 http://www.infinispan.org/schemas/infinispan-config-14.0.xsd"
xmlns="urn:infinispan:config:14.0">
<jgroups>
<stack name="jdbc-ping" extends="tcp">
<JDBC_PING connection_driver="com.microsoft.sqlserver.jdbc.SQLServerDriver"
connection_username="${DATABASE_USER_NAME}"
connection_password="${DATABASE_USER_PASSWORD}"
connection_url="jdbc:sqlserver://${DATABASE_IP}:${DATABASE_PORT};database=KEYCLOAK;trustServerCertificate=true;encrypt=true"
info_writer_sleep_time="500"
initialize_sql="IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID('JGROUPSPING')) BEGIN CREATE TABLE JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, ping_data VARBINARY(255), constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name)); END"
insert_single_sql="INSERT INTO JGROUPSPING (own_addr, cluster_name, ping_data) VALUES (?, ?, ?);"
delete_single_sql="DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=?"
select_all_pingdata_sql="SELECT ping_data FROM JGROUPSPING WHERE cluster_name=?"
remove_all_data_on_view_change="true"
stack.combine="REPLACE"
stack.position="MPING" />
</stack>
</jgroups>
<cache-container name="keycloak">
<transport lock-timeout="60000" cluster="keycloak-cluster" stack="jdbc-ping" node-name="SSO-AP01"/>
<local-cache name="realms">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<memory max-count="10000"/>
</local-cache>
<local-cache name="users">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<memory max-count="10000"/>
</local-cache>
<distributed-cache name="sessions" owners="2">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="authenticationSessions" owners="2">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="offlineSessions" owners="2">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="clientSessions" owners="2">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="offlineClientSessions" owners="2">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="loginFailures" owners="2">
<expiration lifespan="-1"/>
</distributed-cache>
<local-cache name="authorization">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<memory max-count="10000"/>
</local-cache>
<replicated-cache name="work">
<expiration lifespan="-1"/>
</replicated-cache>
<local-cache name="keys">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<expiration max-idle="3600000"/>
<memory max-count="1000"/>
</local-cache>
<distributed-cache name="actionTokens" owners="2">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<expiration max-idle="-1" lifespan="-1" interval="300000"/>
<memory max-count="-1"/>
</distributed-cache>
</cache-container>
</infinispan>