Sessions shared over multiple instances of Keycloak

We have some strange behavior here in Keycloak. There are multiple instances of Keycloak, for development, integration testing, and also for specific testing purposes. Each of these Keycloak instances is in its own Docker container. We use the default H2 database. Now when I log in against instance-1, on instance-2 I see the session as well. Not in all cases; for certain client IDs it is not like that. We haven’t configured any clustering. At least we do not know of it… Does anyone have any idea where we should start looking for the cause?

What’s important: in docker-compose we import the realm config that fits the corresponding environment. If we remove the id- properties in this config, the problem is gone, because this will give the clients a different id on each environment.

However, the question remains: how and why do these Keycloak instances share data across container boundaries?

Without knowing your exact configuration, it is hard to say, but my guess is Infinispan is using multicast to discover the other nodes and the cache is getting shared/replicated between them. Can you isolate the network each instance is on to see if that stops the behavior?

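The network isolation suggested in the reply above, sketched as a Compose file. This is an added example, not the original poster's configuration. The service names, network names, host ports and image reference are assumptions, and it assumes both instances are started from one Compose project, where they would otherwise share the project's default network and be able to reach each other over multicast.

```yaml
# Added example: two Keycloak instances with no network in common.
# All names, ports and the image tag below are placeholders.
services:
  keycloak-dev:
    image: quay.io/keycloak/keycloak:<version>   # placeholder, use your own image
    ports:
      - "8081:8080"        # still reachable from the host
    networks:
      - kc-dev-net         # only this instance is attached here

  keycloak-int:
    image: quay.io/keycloak/keycloak:<version>   # placeholder, use your own image
    ports:
      - "8082:8080"
    networks:
      - kc-int-net         # separate bridge, separate multicast domain

# With no "networks:" key on the services, both containers would join the
# project's single default network, which is the setup the reply suspects.
networks:
  kc-dev-net:
    driver: bridge
  kc-int-net:
    driver: bridge
```

After bringing the stack up, `docker network ls` and `docker network inspect <network>` show which containers are attached to each network; each of the two networks should list exactly one Keycloak container. Containers run with `network_mode: host` are not separated by this and need a different approach.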