Enabling Multicast for Keycloak Clustering

Hi,
How do I enable multicast for Keycloak standalone clustering? Is it possible to do Keycloak clustering without enabling multicast?

Thanks in advance,
Deeps.

If you use the default settings, multicast is already active, it’s the default.

Yes, I am using the default settings. But I am not sure if my cluster is working properly. In one of your videos, it is mentioned that in the keycloak log, “cluster view” will be displayed if the cluster is working properly. But it is not showing up in my keycloak log.

For load balancing, I used haproxy and tried enabling sticky sessions, but I am getting a forbidden error after logging into the application.

Some helpful clustering information can be found here: GitHub - fit2anything/keycloak-cluster-setup-and-configuration

To disable multicast, disable modcluster in standalone[-ha].xml and enable one of the options (e.g. TCPPING) from the link above.

Here are the lines to remove in order to disable modcluster:

 <extension module="org.jboss.as.modcluster"/>
 […]
    <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
 […]
        <proxy name="default" advertise-socket="modcluster" listener="ajp">
            <dynamic-load-provider>
                <load-metric type="cpu"/>
            </dynamic-load-provider>
        </proxy>
    </subsystem>
 […]
            <ajp-listener name="ajp" socket-binding="ajp"/>
 […]
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
 […]
    <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>

Thank you for your help. I will check.

Hi,
I followed the steps by commenting out the modcluster segments which you mentioned. I also added:

<stack name="tcp">
    <transport type="TCP" socket-binding="jgroups-tcp"/>
    <protocol type="TCPPING">
        <property name="initial_hosts">Keycloak1_IP[7600],Keycloak2_IP[7600]</property>
        <property name="ergonomics">false</property>
    </protocol>
</stack>

Included this in the startup command:
-DJGROUPS_DISCOVERY_EXTERNAL_IP=Keycloak1_IP -DJGROUPS_DISCOVERY_PROTOCOL=TCPPING -DJGROUPS_DISCOVERY_PROPERTIES=initial_hosts="Keycloak1_IP[7600],Keycloak2_IP[7600]"

I am still getting the forbidden error. Is this the correct way to implement the TCPPING protocol?

Here is an example that works for me on how to configure TCPPING:

<channels default="ee">
    <channel name="ee" stack="tcp" cluster="ejb"/>
</channels>
[...]
<stack name="tcp">
    <transport type="TCP" socket-binding="jgroups-tcp">
        <property name="external_addr">${jboss.bind.address.management:127.0.0.1}</property>
    </transport>
    <protocol type="org.jgroups.protocols.TCPPING">
        <property name="initial_hosts">1.1.1.1[7600],1.1.1.2[7600],1.1.1.3[7600],1.1.1.4[7600]</property>
        <property name="ergonomics">false</property>
    </protocol>
    <socket-protocol type="MPING" socket-binding="jgroups-mping"/>
    <protocol type="MERGE3"/>
    <socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
    <protocol type="FD_ALL"/>
    <protocol type="VERIFY_SUSPECT"/>
    <protocol type="pbcast.NAKACK2"/>
    <protocol type="UNICAST3"/>
    <protocol type="pbcast.STABLE"/>
    <protocol type="pbcast.GMS"/>
    <protocol type="MFC"/>
    <protocol type="FRAG3"/>
</stack>

JGroups is documented here: Preface

Next, set the distributed cache number of copies which should typically be set to the number of servers in the cluster:

<distributed-cache name="sessions" owners="4"/>
<distributed-cache name="authenticationSessions" owners="4"/>
<distributed-cache name="offlineSessions" owners="4"/>
<distributed-cache name="clientSessions" owners="4"/>
<distributed-cache name="offlineClientSessions" owners="4"/>
<distributed-cache name="loginFailures" owners="4"/>
[...]
<distributed-cache name="actionTokens" owners="4">

Finally, remove these lines to disable UDP:

<stack name="udp">
    <transport type="UDP" socket-binding="jgroups-udp"/>
    <protocol type="PING"/>
    <protocol type="MERGE3"/>
    <socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
    <protocol type="FD_ALL"/>
    <protocol type="VERIFY_SUSPECT"/>
    <protocol type="pbcast.NAKACK2"/>
    <protocol type="UNICAST3"/>
    <protocol type="pbcast.STABLE"/>
    <protocol type="pbcast.GMS"/>
    <protocol type="UFC"/>
    <protocol type="MFC"/>
    <protocol type="FRAG3"/>
</stack>
[…]
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
<socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
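As an added example (not code from the thread or from Keycloak itself), here is a small Python check that reads a standalone-ha.xml and reports deviations from the recipe above: a leftover modcluster extension, a remaining udp stack, an "ee" channel that is not on a TCP/TCPPING stack with initial_hosts, and distributed caches whose owners do not equal the number of listed hosts. The embedded XML is a constructed, trimmed sample; the namespace versions and addresses in it are assumptions.

```python
# Added example, not from the thread: sanity-check a Keycloak standalone-ha.xml
# against the TCPPING recipe (no modcluster, no udp stack, TCP/TCPPING with
# initial_hosts, cache owners == number of cluster members).
import xml.etree.ElementTree as ET

# Constructed, heavily trimmed sample; a real file carries many more subsystems.
SAMPLE_XML = """<server>
  <subsystem xmlns="urn:jboss:domain:jgroups:7.0">
    <channels default="ee"><channel name="ee" stack="tcp" cluster="ejb"/></channels>
    <stacks><stack name="tcp">
      <transport type="TCP" socket-binding="jgroups-tcp"/>
      <protocol type="org.jgroups.protocols.TCPPING">
        <property name="initial_hosts">10.0.0.1[7600],10.0.0.2[7600]</property>
        <property name="ergonomics">false</property>
      </protocol>
    </stack></stacks>
  </subsystem>
  <subsystem xmlns="urn:jboss:domain:infinispan:9.0">
    <distributed-cache name="sessions" owners="2"/>
    <distributed-cache name="loginFailures" owners="1"/>
  </subsystem>
</server>"""

_local = lambda tag: tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def check_cluster_config(xml_text):
    """Return a list of findings; an empty list means the file matches the recipe."""
    elems = list(ET.fromstring(xml_text).iter())
    findings, hosts = [], []
    if any(e.get("module") == "org.jboss.as.modcluster" for e in elems if _local(e.tag) == "extension"):
        findings.append("modcluster extension still present")
    stacks = {e.get("name"): e for e in elems if _local(e.tag) == "stack"}
    if "udp" in stacks:
        findings.append("udp stack still defined, multicast not disabled")
    channel = next((e for e in elems if _local(e.tag) == "channel" and e.get("name") == "ee"), None)
    stack = stacks.get(channel.get("stack")) if channel is not None else None
    if stack is None:
        findings.append("channel 'ee' does not reference a defined stack")
    else:
        transport = next((c for c in stack if _local(c.tag) == "transport"), None)
        if transport is None or transport.get("type") != "TCP":
            findings.append("stack transport is not TCP")
        ping = next((c for c in stack if c.get("type", "").endswith("TCPPING")), None)
        prop = next((p for p in ping if p.get("name") == "initial_hosts"), None) if ping is not None else None
        hosts = [h.strip() for h in ((prop.text or "") if prop is not None else "").split(",") if h.strip()]
        if not hosts:
            findings.append("no TCPPING protocol with a non-empty initial_hosts in the stack")
    for cache in elems:  # the thread sets owners to the number of cluster members
        if _local(cache.tag) == "distributed-cache" and hosts and int(cache.get("owners", "1")) != len(hosts):
            findings.append("cache %s has owners=%s but %d hosts listed" % (cache.get("name"), cache.get("owners"), len(hosts)))
    return findings
```

Run it against the real file with `check_cluster_config(open("standalone-ha.xml").read())`; the sample above deliberately leaves loginFailures at owners="1" so that the mismatch is reported.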

Thank you for the help.