Install keycloak asi standalone-ha on 2 nodes

Palino1611 · March 13, 2020, 8:50pm

I have 2 servers which I run keycloak on.
node1 ip: 10.12.201.3
node2 ip: 10.12.201.4
I run keycloak asi standalone-ha.xml on both servers. I also have zevenet load balancer which distributes traffic to both nodes via ip 10.12.203.13:8080. I have 2 issues which I would like to solve:

1.issue:
when I login to keycloak via 10.12.203.13:80 and I stop the process on the server where the session is opened I will be disconnected from the session and I have to login again to keycloak. Is it possible to solve that? I want to achieve that I would not be disconnected when one of the servers goes down.

2.issue: when I login to keycloak via 10.12.203.13:80 and delete on of servers from load balancer I am also disconnected from the session and I have to login again. Please is it possible to solve that?

Please if you can help me write a specific lines of xml which I have to include into standalone-ha.xml config.

my standalone-ha.xml config looks like this now:

<?xml version='1.0' encoding='UTF-8'?>

<server xmlns="urn:jboss:domain:10.0">
    <extensions>
        <extension module="org.jboss.as.clustering.infinispan"/>
        <extension module="org.jboss.as.clustering.jgroups"/>
        <extension module="org.jboss.as.connector"/>
        <extension module="org.jboss.as.deployment-scanner"/>
        <extension module="org.jboss.as.ee"/>
        <extension module="org.jboss.as.ejb3"/>
        <extension module="org.jboss.as.jaxrs"/>
        <extension module="org.jboss.as.jmx"/>
        <extension module="org.jboss.as.jpa"/>
        <extension module="org.jboss.as.logging"/>
        <extension module="org.jboss.as.mail"/>
        <extension module="org.jboss.as.modcluster"/>
        <extension module="org.jboss.as.naming"/>
        <extension module="org.jboss.as.remoting"/>
        <extension module="org.jboss.as.security"/>
        <extension module="org.jboss.as.transactions"/>
        <extension module="org.jboss.as.weld"/>
        <extension module="org.keycloak.keycloak-server-subsystem"/>
        <extension module="org.wildfly.extension.bean-validation"/>
        <extension module="org.wildfly.extension.core-management"/>
        <extension module="org.wildfly.extension.elytron"/>
        <extension module="org.wildfly.extension.io"/>
        <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
        <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
        <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
        <extension module="org.wildfly.extension.request-controller"/>
        <extension module="org.wildfly.extension.security.manager"/>
        <extension module="org.wildfly.extension.undertow"/>
    </extensions>
    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                <authentication>
                    <local default-user="$local" skip-group-loading="true"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <server-identities>
                    <ssl>
                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>
        <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="false">
                <handlers>
                    <handler name="file"/>
                </handlers>
            </logger>
        </audit-log>
        <management-interfaces>
            <http-interface security-realm="ManagementRealm">
                <http-upgrade enabled="true"/>
                <socket-binding http="management-http"/>
            </http-interface>
        </management-interfaces>
        <access-control provider="simple">
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user name="$local"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>
    </management>
    <profile>
        <subsystem xmlns="urn:jboss:domain:logging:8.0">
            <console-handler name="CONSOLE">
                <level name="INFO"/>
                <formatter>
                    <named-formatter name="COLOR-PATTERN"/>
                </formatter>
            </console-handler>
            <periodic-rotating-file-handler name="FILE" autoflush="true">
                <formatter>
                    <named-formatter name="PATTERN"/>
                </formatter>
                <file relative-to="jboss.server.log.dir" path="server.log"/>
                <suffix value=".yyyy-MM-dd"/>
                <append value="true"/>
            </periodic-rotating-file-handler>
            <logger category="com.arjuna">
                <level name="WARN"/>
            </logger>
            <logger category="io.jaegertracing.Configuration">
                <level name="WARN"/>
            </logger>
            <logger category="org.jboss.as.config">
                <level name="DEBUG"/>
            </logger>
            <logger category="sun.rmi">
                <level name="WARN"/>
            </logger>
            <root-logger>
                <level name="INFO"/>
                <handlers>
                    <handler name="CONSOLE"/>
                    <handler name="FILE"/>
                </handlers>
            </root-logger>
            <formatter name="PATTERN">
                <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
            </formatter>
            <formatter name="COLOR-PATTERN">
                <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
            </formatter>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
        <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
        <subsystem xmlns="urn:jboss:domain:datasources:5.0">
            <datasources>
                <!-- datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}" -->
                    <!-- connection-url>jdbc:oracle:thin:@//sgdbs7:1521/test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url -->
                    <!-- driver>oracle</driver -->
                    <!-- security -->
                        <!-- user-name>kk1</user-name -->
                        <!-- password>Stuttgart20204kk1</password -->
                    <!-- /security -->
                <!-- /datasource -->
                <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
                    <connection-url>jdbc:oracle:thin:@//sgdbs7:1521/kk_db</connection-url>
                    <driver>oracle</driver>
                    <security>
                        <user-name>kk1</user-name>
                        <password>Stuttgart20204kk1</password>
                    </security>
                </datasource>
                <drivers>
                    <driver name="oracle" module="org.oracle">
                        <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
                    </driver>
                </drivers>
            </datasources>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
            <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:ee:4.0">
            <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
            <concurrent>
                <context-services>
                    <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
                </context-services>
                <managed-thread-factories>
                    <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
                </managed-thread-factories>
                <managed-executor-services>
                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
                </managed-executor-services>
                <managed-scheduled-executor-services>
                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
                </managed-scheduled-executor-services>
            </concurrent>
            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/KeycloakDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:ejb3:6.0">
            <session-bean>
                <stateless>
                    <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
                </stateless>
                <stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
                <singleton default-access-timeout="5000"/>
            </session-bean>
            <pools>
                <bean-instance-pools>
                    <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                    <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                </bean-instance-pools>
            </pools>
            <caches>
                <cache name="simple"/>
                <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
            </caches>
            <passivation-stores>
                <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
            </passivation-stores>
            <async thread-pool-name="default"/>
            <timer-service thread-pool-name="default" default-data-store="default-file-store">
                <data-stores>
                    <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
                </data-stores>
            </timer-service>
            <remote connector-ref="http-remoting-connector" thread-pool-name="default">
                <channel-creation-options>
                    <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
                </channel-creation-options>
            </remote>
            <thread-pools>
                <thread-pool name="default">
                    <max-threads count="10"/>
                    <keepalive-time time="60" unit="seconds"/>
                </thread-pool>
            </thread-pools>
            <default-security-domain value="other"/>
            <default-missing-method-permissions-deny-access value="true"/>
            <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
            <log-system-exceptions value="true"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:io:3.0">
            <worker name="default"/>
            <buffer-pool name="default"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:infinispan:9.0">
            <cache-container name="keycloak">
                <transport lock-timeout="60000"/>
                <local-cache name="realms">
                    <object-memory size="10000"/>
                </local-cache>
                <local-cache name="users">
                    <object-memory size="10000"/>
                </local-cache>
                <distributed-cache name="sessions" owners="1"/>
                <distributed-cache name="authenticationSessions" owners="1"/>
                <distributed-cache name="offlineSessions" owners="1"/>
                <distributed-cache name="clientSessions" owners="1"/>
                <distributed-cache name="offlineClientSessions" owners="1"/>
                <distributed-cache name="loginFailures" owners="1"/>
                <local-cache name="authorization">
                    <object-memory size="10000"/>
                </local-cache>
                <replicated-cache name="work"/>
                <local-cache name="keys">
                    <object-memory size="1000"/>
                    <expiration max-idle="3600000"/>
                </local-cache>
                <distributed-cache name="actionTokens" owners="2">
                    <object-memory size="-1"/>
                    <expiration max-idle="-1" interval="300000"/>
                </distributed-cache>
            </cache-container>
            <cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
                <transport lock-timeout="60000"/>
                <replicated-cache name="default">
                    <transaction mode="BATCH"/>
                </replicated-cache>
            </cache-container>
            <cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
                <transport lock-timeout="60000"/>
                <replicated-cache name="sso">
                    <locking isolation="REPEATABLE_READ"/>
                    <transaction mode="BATCH"/>
                </replicated-cache>
                <distributed-cache name="dist">
                    <locking isolation="REPEATABLE_READ"/>
                    <transaction mode="BATCH"/>
                    <file-store/>
                </distributed-cache>
                <distributed-cache name="routing"/>
            </cache-container>
            <cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
                <transport lock-timeout="60000"/>
                <distributed-cache name="dist">
                    <locking isolation="REPEATABLE_READ"/>
                    <transaction mode="BATCH"/>
                    <file-store/>
                </distributed-cache>
            </cache-container>
            <cache-container name="hibernate" module="org.infinispan.hibernate-cache">
                <transport lock-timeout="60000"/>
                <local-cache name="local-query">
                    <object-memory size="10000"/>
                    <expiration max-idle="100000"/>
                </local-cache>
                <invalidation-cache name="entity">
                    <transaction mode="NON_XA"/>
                    <object-memory size="10000"/>
                    <expiration max-idle="100000"/>
                </invalidation-cache>
                <replicated-cache name="timestamps"/>
            </cache-container>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
        <subsystem xmlns="urn:jboss:domain:jca:5.0">
            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
            <bean-validation enabled="true"/>
            <default-workmanager>
                <short-running-threads>
                    <core-threads count="50"/>
                    <queue-length count="50"/>
                    <max-threads count="50"/>
                    <keepalive-time time="10" unit="seconds"/>
                </short-running-threads>
                <long-running-threads>
                    <core-threads count="50"/>
                    <queue-length count="50"/>
                    <max-threads count="50"/>
                    <keepalive-time time="10" unit="seconds"/>
                </long-running-threads>
            </default-workmanager>
            <cached-connection-manager/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:jgroups:7.0">
            <channels default="ee">
                <channel name="ee" stack="udp" cluster="ejb"/>
            </channels>
            <stacks>
                <stack name="udp">
                    <transport type="UDP" socket-binding="jgroups-udp"/>
                    <protocol type="PING"/>
                    <protocol type="MERGE3"/>
                    <socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
                    <protocol type="FD_ALL"/>
                    <protocol type="VERIFY_SUSPECT"/>
                    <protocol type="pbcast.NAKACK2"/>
                    <protocol type="UNICAST3"/>
                    <protocol type="pbcast.STABLE"/>
                    <protocol type="pbcast.GMS"/>
                    <protocol type="UFC"/>
                    <protocol type="MFC"/>
                    <protocol type="FRAG3"/>
                </stack>
                <stack name="tcp">
                    <transport type="TCP" socket-binding="jgroups-tcp"/>
                    <!-- socket-protocol type="MPING" socket-binding="jgroups-mping"/ -->
                    <protocol type="MERGE3"/>
                    <socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
                    <protocol type="FD_ALL"/>
                    <protocol type="VERIFY_SUSPECT"/>
                    <protocol type="pbcast.NAKACK2"/>
                    <protocol type="UNICAST3"/>
                    <protocol type="pbcast.STABLE"/>
                    <protocol type="pbcast.GMS"/>
                    <protocol type="MFC"/>
                    <protocol type="FRAG3"/>
                </stack>
            </stacks>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
            <expose-resolved-model/>
            <expose-expression-model/>
            <remoting-connector/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
            <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:mail:3.0">
            <mail-session name="default" jndi-name="java:jboss/mail/Default">
                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
            </mail-session>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
            <proxy name="default" advertise-socket="modcluster" listener="ajp">
                <dynamic-load-provider>
                    <load-metric type="cpu"/>
                </dynamic-load-provider>
            </proxy>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:naming:2.0">
            <remote-naming/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
            <deployment-permissions>
                <maximum-set>
                    <permission class="java.security.AllPermission"/>
                </maximum-set>
            </deployment-permissions>
        </subsystem>
        <subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
            <providers>
                <aggregate-providers name="combined-providers">
                    <providers name="elytron"/>
                    <providers name="openssl"/>
                </aggregate-providers>
                <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
                <provider-loader name="openssl" module="org.wildfly.openssl"/>
            </providers>
            <audit-logging>
                <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
            </audit-logging>
            <security-domains>
                <security-domain name="ApplicationDomain" default-realm="ApplicationRealm"

Palino1611 · March 13, 2020, 8:50pm

permission-mapper="default-permission-mapper">
                        <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
                        <realm name="local"/>
                    </security-domain>
                    <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
                        <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
                        <realm name="local" role-mapper="super-user-mapper"/>
                    </security-domain>
                </security-domains>
                <security-realms>
                    <identity-realm name="local" identity="$local"/>
                    <properties-realm name="ApplicationRealm">
                        <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
                        <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                    </properties-realm>
                    <properties-realm name="ManagementRealm">
                        <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
                        <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                    </properties-realm>
                </security-realms>
                <mappers>
                    <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
                        <permission-mapping>
                            <principal name="anonymous"/>
                            <permission-set name="default-permissions"/>
                        </permission-mapping>
                        <permission-mapping match-all="true">
                            <permission-set name="login-permission"/>
                            <permission-set name="default-permissions"/>
                        </permission-mapping>
                    </simple-permission-mapper>
                    <constant-realm-mapper name="local" realm-name="local"/>
                    <simple-role-decoder name="groups-to-roles" attribute="groups"/>
                    <constant-role-mapper name="super-user-mapper">
                        <role name="SuperUser"/>
                    </constant-role-mapper>
                </mappers>
                <permission-sets>
                    <permission-set name="login-permission">
                        <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
                    </permission-set>
                    <permission-set name="default-permissions">
                        <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
                        <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
                        <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
                    </permission-set>
                </permission-sets>
                <http>
                    <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
                        <mechanism-configuration>
                            <mechanism mechanism-name="DIGEST">
                                <mechanism-realm realm-name="ManagementRealm"/>
                            </mechanism>
                        </mechanism-configuration>
                    </http-authentication-factory>
                    <provider-http-server-mechanism-factory name="global"/>
                </http>
                <sasl>
                    <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
                        <mechanism-configuration>
                            <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                            <mechanism mechanism-name="DIGEST-MD5">
                                <mechanism-realm realm-name="ApplicationRealm"/>
                            </mechanism>
                        </mechanism-configuration>
                    </sasl-authentication-factory>
                    <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
                        <mechanism-configuration>
                            <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                            <mechanism mechanism-name="DIGEST-MD5">
                                <mechanism-realm realm-name="ManagementRealm"/>
                            </mechanism>
                        </mechanism-configuration>
                    </sasl-authentication-factory>
                    <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
                        <properties>
                            <property name="wildfly.sasl.local-user.default-user" value="$local"/>
                            <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
                            <property name="driverDialect" value="org.hibernate.dialect.Oracle12cDialect"/>
                            <property name="initializeEmpty" value="true"/>
                            <property name="migrationStrategy" value="update"/>
                            <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
                        </properties>
                    </configurable-sasl-server-factory>
                    <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
                        <filters>
                            <filter provider-name="WildFlyElytron"/>
                        </filters>
                    </mechanism-provider-filtering-sasl-server-factory>
                    <provider-sasl-server-factory name="global"/>
                </sasl>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:security:2.0">
                <security-domains>
                    <security-domain name="other" cache-type="default">
                        <authentication>
                            <login-module code="Remoting" flag="optional">
                                <module-option name="password-stacking" value="useFirstPass"/>
                            </login-module>
                            <login-module code="RealmDirect" flag="required">
                                <module-option name="password-stacking" value="useFirstPass"/>
                            </login-module>
                        </authentication>
                    </security-domain>
                    <security-domain name="jboss-web-policy" cache-type="default">
                        <authorization>
                            <policy-module code="Delegating" flag="required"/>
                        </authorization>
                    </security-domain>
                    <security-domain name="jaspitest" cache-type="default">
                        <authentication-jaspi>
                            <login-module-stack name="dummy">
                                <login-module code="Dummy" flag="optional"/>
                            </login-module-stack>
                            <auth-module code="Dummy"/>
                        </authentication-jaspi>
                    </security-domain>
                    <security-domain name="jboss-ejb-policy" cache-type="default">
                        <authorization>
                            <policy-module code="Delegating" flag="required"/>
                        </authorization>
                    </security-domain>
                </security-domains>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:transactions:5.0">
                <core-environment node-identifier="${jboss.tx.node.id:1}">
                    <process-id>
                        <uuid/>
                    </process-id>
                </core-environment>
                <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
                <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
                <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
            <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
            <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
            <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
            <subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
                <buffer-cache name="default"/>
                <server name="default-server">
                    <ajp-listener name="ajp" socket-binding="ajp"/>
                    <http-listener name="default" socket-binding="http" proxy-address-forwarding="true"/>
                    <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
                    <host name="default-host" alias="localhost">
                        <location name="/" handler="welcome-content"/>
                        <http-invoker security-realm="ApplicationRealm"/>
                    </host>
                </server>
                <servlet-container name="default">
                    <jsp-config/>
                    <websockets/>
                </servlet-container>
                <handlers>
                    <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
                </handlers>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
                <web-context>auth</web-context>
                <providers>
                    <provider>classpath:${jboss.home.dir}/providers/*</provider>
                </providers>
                <master-realm-name>master</master-realm-name>
                <scheduled-task-interval>900</scheduled-task-interval>
                <theme>
                    <staticMaxAge>2592000</staticMaxAge>
                    <cacheThemes>true</cacheThemes>
                    <cacheTemplates>true</cacheTemplates>
                    <dir>${jboss.home.dir}/themes</dir>
                </theme>
                <spi name="eventsStore">
                    <provider name="jpa" enabled="true">
                        <properties>
                            <property name="exclude-events" value="[&quot;REFRESH_TOKEN&quot;]"/>
                        </properties>
                    </provider>
                </spi>
                <spi name="userCache">
                    <provider name="default" enabled="true"/>
                </spi>
                <spi name="userSessionPersister">
                    <default-provider>jpa</default-provider>
                </spi>
                <spi name="timer">
                    <default-provider>basic</default-provider>
                </spi>
                <spi name="connectionsHttpClient">
                    <provider name="default" enabled="true"/>
                </spi>
                <spi name="connectionsJpa">
                    <provider name="default" enabled="true">
                        <properties>
                            <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
    			<property name="driverDialect" value="org.hibernate.dialect.Oracle12cDialect"/>
                            <property name="initializeEmpty" value="true"/>
                            <property name="migrationStrategy" value="update"/>
                            <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
                        </properties>
                    </provider>
                </spi>
                <spi name="realmCache">
                    <provider name="default" enabled="true"/>
                </spi>
                <spi name="connectionsInfinispan">
                    <default-provider>default</default-provider>
                    <provider name="default" enabled="true">
                        <properties>
                            <property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
                        </properties>
                    </provider>
                </spi>
                <spi name="jta-lookup">
                    <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
                    <provider name="jboss" enabled="true"/>
                </spi>
                <spi name="publicKeyStorage">
                    <provider name="infinispan" enabled="true">
                        <properties>
                            <property name="minTimeBetweenRequests" value="10"/>
                        </properties>
                    </provider>
                </spi>
                <spi name="x509cert-lookup">
                    <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
                    <provider name="default" enabled="true"/>
                </spi>
                <spi name="hostname">
                    <default-provider>default</default-provider>
                    <provider name="default" enabled="true">
                        <properties>
                            <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
                            <property name="forceBackendUrlToFrontendUrl" value="false"/>
                        </properties>
                    </provider>
                </spi>
            </subsystem>
        </profile>
        <interfaces>
            <interface name="management">
                <inet-address value="${jboss.bind.address.management:10.12.201.3}"/>
            </interface>
            <interface name="private">
                <inet-address value="${jboss.bind.address.private:10.12.201.3}"/>
            </interface>
            <interface name="public">
                <inet-address value="${jboss.bind.address:10.12.201.3}"/>
            </interface>
        </interfaces>
        <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
            <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
            <socket-binding name="http" port="${jboss.http.port:8080}"/>
            <socket-binding name="https" port="${jboss.https.port:8443}"/>
            <socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
            <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
            <socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
            <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
            <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
            <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
            <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
            <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
            <socket-binding name="txn-recovery-environment" port="4712"/>
            <socket-binding name="txn-status-manager" port="4713"/>
            <outbound-socket-binding name="mail-smtp">
                <remote-destination host="localhost" port="25"/>
            </outbound-socket-binding>
        </socket-binding-group>
    </server>