Spring Boot, Keycloak and Redis as a session store

Can someone suggest how to configure Spring microservices to authenticate via Keycloak, and then use Redis as the session store? I’ve spent a day googling and banging my head on this, and I just don’t feel like I’m getting anywhere.

I know how to configure each one independently - i.e. I can make a Boot app that auths via Keycloak, and I can also make a Boot app that keeps its session in Redis, but I’m not getting them to work together. Is this possible? It seems like it should be.

My working POC would behave something like this:

  • start my service1
  • access some resource that forces a login via Keycloak - access to the resource is granted
  • start my service2 (sharing the same realm as service1) on a different browser
  • access some other resource with the same user who is logged in to service1, but now no login is needed (since the session is persisted in Redis)

I hope this helps: https://github.com/zak905/spring-boot-keycloak-mongo-session-bug

This is for MongoDB and was originally meant to show a bug with session serialization, but the bug is now fixed. The same thing applies for Redis, I guess. I think you can just remove the JdkMongoSessionConverter bean and add a Redis config as shown here: https://github.com/spring-projects/spring-session/blob/2.2.2.RELEASE/spring-session-samples/spring-session-sample-boot-redis-simple/src/main/java/sample/config/SessionConfig.java, and also replace @EnableMongoHttpSession with @EnableRedisHttpSession.

I have not tried though, so I cannot promise it will work.

Hi @zak,

Thanks for the reply. But this does not fulfill my requirement. I opened your application in Chrome and it asked me to log in. After logging in, I opened your application in Mozilla and there again it asked me to log in. This is exactly what I don’t want.

My requirement is: once the user is logged in to the application from one browser, they should not be asked to log in while accessing the application from another browser. In simple terms, I want the session to be stored in Mongo/Redis, and whenever the user logs in, the session should be fetched from Mongo/Redis, so that the user will not be asked to log in again.

> once user is logged in to the application from one browser, it should not be asked to login while accessing the application from another browser

I am not sure I understand what kind of sessions you are talking about. HTTP sessions are stored in the browser cookies and are not cross-browser. Session serialization is useful when you have a cluster with several instances of one application; in this case, the session is not lost if your HTTP calls get load balanced from one instance to the other. Besides that, I am not really sure what you are trying to achieve here.
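The distinction drawn in the reply above, as an added example that is not part of the original thread: a plain-Java model in which an in-memory map stands in for the shared Redis/Mongo store and a cookie jar stands in for each browser. The class names, the cookie name and the user are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;

public class SharedSessionStoreDemo {
    // Stand-in for the shared Redis/Mongo store: session id -> logged-in user.
    static final Map<String, String> SHARED_STORE = new HashMap<>();

    // A browser is modelled only by its cookie jar; every browser has its own.
    static class Browser {
        final Map<String, String> cookies = new HashMap<>();
    }

    // One application instance; all instances read and write the same store.
    static class Instance {
        final String name;
        Instance(String name) { this.name = name; }

        // After a successful login: persist the session, give the id to the browser.
        void login(Browser browser, String user) {
            String sessionId = UUID.randomUUID().toString();
            SHARED_STORE.put(sessionId, user);
            browser.cookies.put("SESSION", sessionId); // cookie name is illustrative
        }

        // The session is found only if this browser presents a known session id.
        String access(Browser browser) {
            Optional<String> user = Optional.ofNullable(browser.cookies.get("SESSION"))
                    .map(SHARED_STORE::get);
            return name + ": " + user.map(u -> "resource served to " + u)
                    .orElse("no valid session, redirect to login");
        }
    }

    public static void main(String[] args) {
        Instance node1 = new Instance("node1");
        Instance node2 = new Instance("node2");
        Browser chrome = new Browser();
        Browser firefox = new Browser();

        node1.login(chrome, "userA"); // constructed user name
        System.out.println(node1.access(chrome));  // same browser, same instance
        System.out.println(node2.access(chrome));  // same browser, other instance
        System.out.println(node2.access(firefox)); // other browser, session exists in store
    }
}
```

The third call is sent to login even though userA's session is still in the store, because the second browser never received the session id.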

Hi @zak,

Sorry for the confusion. All I want is:

  • I have two microservices (service1 and service2) secured by Keycloak, sharing the same realm and users. Only the client name differs.
  • Let's say service1 is opened in Chrome and userA is logged in to access the secured resource.
  • Next, I open service2 in Mozilla and want to access its secured resource as userA. For that, I don't want to log in again, as the user is already authenticated for service1.

I hope this clarifies my requirement. It would be a great help if you can help me achieve this.