Keycloak 17 external Infinispan cluster

cristicalin · February 21, 2022, 9:59am

In key cloak 16.1 and prior based on wildfly it was possible to configure keycloak to use an external Infinispan cluster (like in Keycloak - Search) but this guide no longer applies to the quarkus distribution.

Is it still possible to configure keycloak 17 to use an external cluster? Could anyone point me to the right docs to set it up?

I managed to get keycloak to join an external cluster but it actually participates in the cluster and storing objects in the cluster fails since it does not serialise them so the infinispan server throw Class not found exceptions.

megicivovic · February 25, 2022, 11:16am

Apparently it is still used in Keycloak X, and I think they are embracing Infinispan even more.
Are you trying with the regular release train with Wildfly?

github.com

keycloak/keycloak-community/blob/main/design/keycloak.x/configuration.md#cluster

# Keycloak.X Server Configuration

* **Status**: Draft #2

## Principles

Keycloak.X should be configured through the different configuration options available.

Configuration options can be set using different formats: command-line arguments, environment variables, or a properties file. 

All configuration options are available in all different formats:

Command-line arguments:

    kc.[sh|bat] --<category>-<sub-category>-<property>=<value>
    
Environment variables:

    export KC_CATEGORY_SUB_CATEGORY_PROPERTY=<value>
    kc.[sh|bat]

This file has been truncated. show original

ddy · February 28, 2022, 1:09pm

Hi cristicalin,

Thomas Darimont updated and published an example here : keycloak-project-example/deployments/local/clusterx/haproxy-external-ispn at main · thomasdarimont/keycloak-project-example · GitHub

We were able to test connection to an external ISPN cluster with KC 17 Quarkus distribution.

cristicalin · March 1, 2022, 9:06am

Indeed this works, thank you for pointing me on the right direction @ddy!

akr · April 25, 2022, 4:33pm

Hi,

I am also trying to setup an external infinispan cluster and configure keycloak to interact with the external infinispan cluster on Kubernetes.

Now, I am using Keycloak 18.0.0 (Quarkus) version and its caching the data to the keycloak pods itself.

Configurations are:
KC_CACHE_STACK=kubernetes
JAVA_OPTS_APPEND = -headless.keycloak.svc.cluster.local

How would I configure the infinispan cluster in kubernates and then configure it to interact with keycloak pods? If there is any examples available, please share.

ashishtchaudhari · May 26, 2022, 3:03am

I have few related questions on this.
a. Does Quarkus support Redis and Keycloak would be able to use it? Or we still have to rely on Infinispan only ?
b. I have observed that even when using external Infinispan, Keycloak does cache sessions with itself? Then using external Infinispan, are we duplicating the session information?

Topic		Replies	Views
Need help with KeycloakX with external Infinispan cluster in K8s Configuring the server	0	213	June 21, 2023
Load balancing Quarkus Configuring the server	6	1582	August 7, 2022
Is external infinispan required for Keycloak HA? Getting advice authentication , oidc	3	884	May 5, 2023
[18.0.0 Quarkus] Trouble configuring Keycloak/hotrod for remote Infinispan cluster Configuring the server	3	1745	May 4, 2023
Connect Keycloak with External Infinispan cache server Getting advice	5	3170	July 4, 2022

Keycloak 17 external Infinispan cluster

Related Topics