Dealing with load balancer with keycloak stateful implementation #9909
Comments
|
Hello @Bogad. We had a long discussion about this earlier this year. To summarize: we'd like to keep the current implementation as its more secure to do authorization code flow on the server side. If you have scaling issues, we recommend replacing the session implementation in your server with something like Redis. If you'd like to implement a stateless OAuth 2.0 flow, you could use implicit flow (but that might be dead. PKCE + authorization code flow in the browser is possible and I have it working in my Ionic for JHipster module. If you'd like to see a stateless implementation in JWT, you can create a JHipster module. However, using a JWT as a session token is not recommended. |
|
Thanks @mraible for the reply |
|
That sounds like a big we should fix. Can you please enter it as separate issue with steps to reproduce?
… On Jun 13, 2019, at 08:26, Amine BOUAGGAD ***@***.***> wrote:
Thanks @mraible for the reply
Otherwise, in stateful case i have problems with swagger giving me always 401 because no authorize button is available to obtain a token as i can do with the stateless configuration
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Hi @mraible
I have generated a microservice project and i chose oauth2 with Keycloak for security implemntation.
But, as you implement a stateful integration with spring security and Keycloak , how can I deal with load balancing (n instances) as i have to deploy my microservice in Kubernetes?
Can i change Keycoak integration to be stateless in order to solve this problem.
Thanks
The text was updated successfully, but these errors were encountered: