Keycloak.X persisting infinispan to jdbc store

Configuring the server
1

Hi.

I am trying to setup infinspan on Keycloak.X to persist to a JDBC cache store. I thought that the new infinispan XML namespace would allow for the same configuration as is available on a dedicated infinispan server, but I might have misundertood that, because I tried setting up a jdbc cache the same way it is done on a dedicated infinispan, and it would not parse. So I looked up the xml schema, and sure that configuration is not available. Is there really no other way to persist to jdbc, than to use a dedicated infinispan server and configuring that as a remote-cache? I was really hoping keycloak.x had a solution for this, because I really want to avoid setting up the infinispan infrastructure if I can.

I got the following error when I tried the configuration below:

ERROR [org.key.cli.Picocli] (main) ERROR: org.infinispan.commons.CacheConfigurationException: ISPN000327: Cannot find a parser for element 'string-keyed-jdbc-store' in namespace 'urn:infinispan:config:11.0'. Check that your configuration is up-to date for Infinispan '11.0.4.Final' and if you have the proper dependency in the classpath
ERROR [org.key.cli.Picocli] (main) ERROR: ISPN000327: Cannot find a parser for element 'string-keyed-jdbc-store' in namespace 'urn:infinispan:config:11.0'. Check that your configuration is up-to date for Infinispan '11.0.4.Final' and if you have the proper dependency in the classpath

Below is my cluster-default.xml configuration.

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright 2019 Red Hat, Inc. and/or its affiliates
  ~ and other contributors as indicated by the @author tags.
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~ http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->

<infinispan
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:infinispan:config:11.0 http://www.infinispan.org/schemas/infinispan-config-11.0.xsd"
    xmlns="urn:infinispan:config:11.0">

<cache-container name="keycloak">
    <transport lock-timeout="60000"/>
    <local-cache name="realms">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <memory storage="HEAP" max-count="10000"/>
    </local-cache>
    <local-cache name="users">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <memory storage="HEAP" max-count="10000"/>
    </local-cache>

    <distributed-cache-configuration name="persistent-jdbc-string-keyed">
        <persistence>
            <string-keyed-jdbc-store datasource="java:jboss/datasources/PostgresDS" fetch-state="true" preload="false" purge="false" shared="false">
                <string-keyed-table prefix="ISPN">
                    <id-column name="id" type="VARCHAR"/>
                    <data-column name="datum" type="BYTEA"/>
                    <timestamp-column name="version" type="BIGINT"/>
                </string-keyed-table>
                <write-behind modification-queue-size="1024" thread-pool-size="1"/>
            </string-keyed-jdbc-store>
        </persistence>
    </distributed-cache-configuration>

    <distributed-cache name="sessions" owners="1" configuration="persistent-jdbc-string-keyed"/>
    <distributed-cache name="authenticationSessions" owners="1" configuration="persistent-jdbc-string-keyed"/>
    <distributed-cache name="offlineSessions" owners="1" configuration="persistent-jdbc-string-keyed"/>
    <distributed-cache name="clientSessions" owners="1" configuration="persistent-jdbc-string-keyed"/>
    <distributed-cache name="offlineClientSessions" owners="1" configuration="persistent-jdbc-string-keyed"/>
    <distributed-cache name="loginFailures" owners="1" configuration="persistent-jdbc-string-keyed"/>
    <local-cache name="authorization">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <memory storage="HEAP" max-count="10000"/>
    </local-cache>
    <replicated-cache name="work" configuration="persistent-jdbc-string-keyed"/>
    <local-cache name="keys">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <expiration max-idle="3600000"/>
        <memory storage="HEAP" max-count="1000"/>
    </local-cache>
    <distributed-cache name="actionTokens" owners="2" configuration="persistent-jdbc-string-keyed">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <expiration max-idle="-1" interval="300000"/>
        <memory storage="HEAP" max-count="-1"/>
    </distributed-cache>
</cache-container>
</infinispan>
2 Likes
2

Hi.
I’ve the same problem using Redis configuration allowed by Infinispan:

Below is my “cluster-custom.xml” configuration:

<infinispan
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:infinispan:config:11.0 http://www.infinispan.org/schemas/infinispan-config-11.0.xsd
                          urn:infinispan:config:store:redis:8.0 http://www.infinispan.org/schemas/infinispan-cachestore-redis-config-8.0.xsd"
    xmlns="urn:infinispan:config:11.0"
    xmlns:redis="urn:infinispan:config:store:redis:8.0" >

    <cache-container name="keycloak">
        <local-cache name="default">
            <transaction transaction-manager-lookup="org.infinispan.transaction.lookup.JBossStandaloneJTAManagerLookup"/>
        </local-cache>
        <local-cache name="realms">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <memory storage="HEAP" max-count="10000"/>
        </local-cache>
        <local-cache name="users">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <memory storage="HEAP" max-count="10000"/>
        </local-cache>        
        <local-cache name="sessions"/>
        <!--<local-cache name="authenticationSessions"/>-->
        <local-cache name="authenticationSessions">
            <persistence passivation="false">
                <redis-store xmlns="urn:infinispan:config:store:redis:8.0"
                    topology="server" socket-timeout="10000" connection-timeout="10000">
                    <redis-server host="xx.xxx.xx.xx" port="6379" />
                    <connection-pool min-idle="6" max-idle="10" max-total="20"
                        min-evictable-idle-time="30000" time-between-eviction-runs="30000" />
                </redis-store>
            </persistence>
        </local-cache> ....

But, i got the following error:

2021-01-04 14:26:03,329 ERROR [org.key.cli.Picocli] (main) ERROR: org.infinispan.commons.CacheConfigurationException: ISPN000327: Cannot find a parser for element ‘redis-store’ in namespace ‘urn:infinispan:config:store:redis:8.0’. Check that your configuration is up-to date for Infinispan ‘11.0.4.Final’ and if you have the proper dependency in the classpath
2021-01-04 14:26:03,329 ERROR [org.key.cli.Picocli] (main) ERROR: ISPN000327: Cannot find a parser for element ‘redis-store’ in namespace ‘urn:infinispan:config:store:redis:8.0’. Check that your configuration is up-to date for Infinispan ‘11.0.4.Final’ and if you have the proper dependency in the classpath

Is really possible to define another cache store in infinispan configuration, using the new Keycloak.X distribution?

2 Likes
3

Can someone confirm that the new infinispan xml schema introduced with keycloak.x is designed not to allow these kinds of configuration?

2 Likes
4

@SoerenSilkjaer @Pica Did you find a way to get infinispan working with redis/jdbc store?

5

@nishanthreddy yes, but only with a dedicated infinispan server

6

Hi @SoerenSilkjaer

We are still on the wildfly stack but also using a dedicated ISPN cluster with JDBC store for sessions and clientSessions and are facing this issue : https://github.com/keycloak/keycloak/discussions/10577

Would you share your infinispan XML configuration and Keycloak too to compare with our configuration and see what is wrong ?

Thanks a lot

8

@SoerenSilkjaer, Did you mean you used dedicated infinispan cluster backed by JDBC store or only the infinispan cluster?