Hi
I am trying to upgrade Keycloak from 4.5.0.Final to 15.0.0. We have a cluster setup with standalone-ha using JDBC_PING, sharing a common datasource and with an AWS ELB in front (same on 4.5.0 as well as 15.0.0).
The cluster is up as per the logs, also verified through the jgroupping table in the DB, which has an entry for both nodes.
But I am unable to access the UI, with an error similar to:
2017-11-27 14:50:31,587 WARN [org.keycloak.events] (default task-17) type=LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=aa.bb.cc.dd, error=expired_code, restart_after_timeout=true
The hostname provider is the default in standalone-ha.xml (frontendUrl, adminUrl is not set):
[org.keycloak.url.DefaultHostnameProviderFactory] (ServerService Thread Pool -- 68) Frontend: , Admin: , Backend:
A single instance is working fine; the issue is only with the cluster.
Question: is it necessary to enable sticky sessions for a cluster setup in versions later than 4.5.0.Final, as the above version is running without sticky sessions?
If not, how would I make my cluster accessible through the UI?
If sticky sessions are necessary:
- I tried to enable them on the AWS ELB with a load balancer cookie, but applications using the keycloak-admin-client library are facing issues, getting invalid bearer token.
- If I enable sticky sessions through the AUTH_SESSION_ID application cookie, I get an infinite redirect with CODE_TO_TOKEN_ERROR - api whoami is failing with 401.
I have not set jboss.node.name or the stickySession SPI with route as false in the config.
Any help is appreciated.