Auth Token sharing across cluster nodes #22085
Hi, I have a Keycloak setup where Keycloak is running on two different host machines (it is running on 2 different containers for now). Put another way, if I have a load balancer and the auth token is obtained from one Keycloak instance but the REST client is then redirected to the other Keycloak instance, the request wouldn't work. How would one achieve this? I've gone through the documentation and I assumed that this was the default behaviour in a clustered setup. I have also read the section on using proxies and the load balancer; from what I understood, the "sticky session" functionality was created so that the same Keycloak instance that authenticated a user/client is always used to serve that user/client. But what if we don't want that?
Replies: 1 comment 5 replies
Have you already read this documentation? https://www.keycloak.org/server/hostname If you configure a common hostname for both machines, the auth tokens created by those machines should return the same issuer (starting with your hostname), and it should work as expected.
Ah, I meant that the hostname-url (as described in the docs) should be the same. Which means also the port has to be the same.
The hostname option is just a shortcut for http(s) servers available at port 80/443.
I think the question is: Which incoming URLs do you redirect to Keycloak in your load balancer?
The common base URL of those requests should be the hostname-url for Keycloak.
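
One way to check the point made in the replies above, as an added example that is not part of the original discussion: decode the `iss` claim of an access token obtained from each node and compare it with the issuer expected from the common hostname-url. The node names, URLs, the realm name `demo`, the helper names and the `<hostname-url>/realms/<realm>` issuer shape used for the comparison are assumptions, and the tokens are constructed, unsigned samples.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_mismatches(tokens_by_node: dict, hostname_url: str, realm: str) -> dict:
    """Return {node: issuer} for each node whose token issuer is not the expected one."""
    expected = f"{hostname_url.rstrip('/')}/realms/{realm}"  # assumed issuer shape
    bad = {}
    for node, token in tokens_by_node.items():
        issuer = jwt_claims(token).get("iss")
        if issuer != expected:
            bad[node] = issuer
    return bad


def sample_token(issuer: str) -> str:
    """Build a constructed, unsigned sample token so the check runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc({'iss': issuer, 'sub': 'demo'})}.sig"


# Constructed samples: each node advertises its own address as issuer.
PER_NODE = {
    "node-a": sample_token("http://kc-a.internal:8080/realms/demo"),
    "node-b": sample_token("http://kc-b.internal:8081/realms/demo"),
}
# Constructed samples: both nodes share one hostname-url (same host and port).
SHARED = {
    "node-a": sample_token("https://sso.example.com/realms/demo"),
    "node-b": sample_token("https://sso.example.com/realms/demo"),
}

if __name__ == "__main__":
    print("per-node issuers:", issuer_mismatches(PER_NODE, "https://sso.example.com", "demo"))
    print("shared issuer:   ", issuer_mismatches(SHARED, "https://sso.example.com/", "demo"))
```

An empty result means every node issues tokens under the same issuer, so a token from one node carries the issuer the other node expects.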