Hi,
We are facing a strange bug with a remote Infinispan cluster with JDBC persistence and Keycloak (wildfly based).
I agree that it is quite an unusual set-up but we have to make it work…
Keycloak 17.0.0 (legacy, wildfly) (will be migrated to Quarkus in a few months)
Infinispan 13.0.6.Final
PostgreSQL 14.X
Note : this bug does not occur with a remote Infinispan cluster without JDBC persistence.
Scenario :
docker-compose up
- Login to http://localhost:8080/js-console with test/test
- Look at new Session timestamp in database (correct = Current time + SSO session Max (10 hours)):
- Then go on another application, click on “Account” button in js-console, we are already logged in, OK.
- Look at existing session timestamp in database. It has been updated with wrong timestamp => 01/01/1970 + SSO session Max (10 hours) instead of Current timestamp + SSO session Max (10 hours)
- => session quickly removed, user logged out
We have looked at theses classes and put them in DEBUG but were not able to identify the root cause :
org.keycloak.models.sessions.infinispan.remotestore.RemoteCacheSessionListener
org.keycloak.models.sessions.infinispan.remotestore.RemoteCacheInvoker
org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider
If anyone can help us on this problem …
Is there a big mistake in our configuration ? we simplified it a bit for the example (remove security, single Keycloak/ISPN instance, …)
thanks