
infinispan - "Expired_Code" error in keycloak HA with distributed cache enabled - Stack Overflow


I'm running 3 nodes of Keycloak in Azure Container Apps with the Infinispan distributed cache in front.

Yesterday I caught the following WARN in my container's logs, and at that moment I was not able to log in to the web admin... it continued to log that warning every time I tried to log in.

2025-02-18T13:10:59.3949172Z stdout F 2025-02-18 13:10:59,394 WARN  [.keycloak.events] (executor-thread-10) type="LOGIN_ERROR", realmId="a1d39a9f-95b4-4fd6-9538-171ed94bead6", realmName="master", clientId="security-admin-console", userId="null", ipAddress="xx.xx.xx.xx", error="expired_code", restart_after_timeout="true"

After restarting my Azure Container App, I solved it. I supposed that the distributed cache could be the problem... is it possible?

My Infinispan cache configuration was the following (default):

<cache-container name="keycloak">
    <transport lock-timeout="60000" stack="jdbc-ping"/>

    <local-cache name="realms" simple-cache="true">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <memory max-count="10000"/>
    </local-cache>
    <local-cache name="users" simple-cache="true">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <memory max-count="10000"/>
    </local-cache>
    <local-cache name="authorization" simple-cache="true">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <memory max-count="10000"/>
    </local-cache>
    <local-cache name="keys" simple-cache="true">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <expiration max-idle="3600000"/>
        <memory max-count="1000"/>
    </local-cache>

    <distributed-cache name="sessions" owners="2">
        <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="authenticationSessions" owners="2">
        <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="offlineSessions" owners="2">
        <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="clientSessions" owners="2">
        <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="offlineClientSessions" owners="2">
        <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="loginFailures" owners="2">
        <expiration lifespan="-1"/>
    </distributed-cache>
    <distributed-cache name="actionTokens" owners="2">
        <encoding>
            <key media-type="application/x-java-object"/>
            <value media-type="application/x-java-object"/>
        </encoding>
        <expiration max-idle="-1" lifespan="-1" interval="300000"/>
        <memory max-count="-1"/>
    </distributed-cache>

    <replicated-cache name="work">
        <expiration lifespan="-1"/>
    </replicated-cache>

</cache-container>

Thinking about it, this default configuration is not good and I'll update it, but apart from that, can you help me understand the problem I had?

I also got this error a few days later:

2025-02-24T07:31:47.2906574Z stdout F 2025-02-24 07:31:47,290 WARN  [.keycloak.events] (executor-thread-30) type="CODE_TO_TOKEN_ERROR", realmId="5f626112-b788-4c16-8e15-c3be1a3910b6", realmName="TEST", clientId="TestWeb", userId="null", sessionId="cee35b2b-cc88-44cd-81cc-792708b48ec2", ipAddress="xx.xx.xx.xx", error="invalid_code", grant_type="authorization_code", code_id="cee35b2b-cc88-44cd-81cc-792708b48ec2", client_auth_method="client-secret"

I solved it by just restarting the 3 container instances, because I suppose they reset the distributed cache at startup.

Thanks in advance
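A log-parsing check for event lines like the two shown in the question, added here as an example; it is not part of the original post and not Keycloak's own tooling. It splits a `[.keycloak.events]` WARN line into its `key="value"` fields (ignoring the container-runtime prefix in front of the Keycloak timestamp), counts errors by event type, and flags the pattern the question describes: the same error for the same realm and client repeating on every attempt within a short window. The two real events come from the question; the repeated `LOGIN_ERROR` lines and the `INFO` line are constructed, and the 5-minute window and threshold of 3 are assumed values.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Matches the Keycloak part of a line such as
#   2025-02-18 13:10:59,394 WARN  [.keycloak.events] (executor-thread-10) type="LOGIN_ERROR", ...
# `search` (not `match`) lets any runtime prefix such as "...Z stdout F " precede it.
EVENT_RE = re.compile(
    r'(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) '
    r'(?P<level>[A-Z]+)\s+\[\.keycloak\.events\] \((?P<thread>[^)]+)\) (?P<fields>.*)$'
)
# One key="value" pair of the comma-separated field list.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: lines 0 and 4 are the events quoted in the question,
# lines 1 and 3 are constructed repeats, line 2 is a constructed non-event line.
SAMPLE_LINES = [
    '2025-02-18T13:10:59.3949172Z stdout F 2025-02-18 13:10:59,394 WARN  [.keycloak.events] (executor-thread-10) '
    'type="LOGIN_ERROR", realmId="a1d39a9f-95b4-4fd6-9538-171ed94bead6", realmName="master", '
    'clientId="security-admin-console", userId="null", ipAddress="xx.xx.xx.xx", error="expired_code", restart_after_timeout="true"',
    '2025-02-18T13:11:42.1000000Z stdout F 2025-02-18 13:11:42,100 WARN  [.keycloak.events] (executor-thread-12) '
    'type="LOGIN_ERROR", realmId="a1d39a9f-95b4-4fd6-9538-171ed94bead6", realmName="master", '
    'clientId="security-admin-console", userId="null", ipAddress="xx.xx.xx.xx", error="expired_code", restart_after_timeout="true"',
    '2025-02-18T13:12:05.2000000Z stdout F 2025-02-18 13:12:05,200 INFO  [org.example.startup] (main) constructed non-event line',
    '2025-02-18T13:13:30.0000000Z stdout F 2025-02-18 13:13:30,000 WARN  [.keycloak.events] (executor-thread-15) '
    'type="LOGIN_ERROR", realmId="a1d39a9f-95b4-4fd6-9538-171ed94bead6", realmName="master", '
    'clientId="security-admin-console", userId="null", ipAddress="xx.xx.xx.xx", error="expired_code", restart_after_timeout="true"',
    '2025-02-24T07:31:47.2906574Z stdout F 2025-02-24 07:31:47,290 WARN  [.keycloak.events] (executor-thread-30) '
    'type="CODE_TO_TOKEN_ERROR", realmId="5f626112-b788-4c16-8e15-c3be1a3910b6", realmName="TEST", clientId="TestWeb", '
    'userId="null", sessionId="cee35b2b-cc88-44cd-81cc-792708b48ec2", ipAddress="xx.xx.xx.xx", error="invalid_code", '
    'grant_type="authorization_code", code_id="cee35b2b-cc88-44cd-81cc-792708b48ec2", client_auth_method="client-secret"',
]


def parse_event(line):
    """Return a dict of the event's fields (plus ts/level/thread), or None for non-event lines."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    event = {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f"),
        "level": m.group("level"),
        "thread": m.group("thread"),
    }
    event.update(FIELD_RE.findall(m.group("fields")))  # list of (key, value) pairs
    return event


def summarize_errors(lines):
    """Count error events by (type, error), e.g. {("LOGIN_ERROR", "expired_code"): 3}."""
    counts = Counter()
    for event in map(parse_event, lines):
        if event and "error" in event:
            counts[(event.get("type"), event["error"])] += 1
    return counts


def find_error_bursts(lines, window=timedelta(minutes=5), threshold=3):
    """Flag (realm, client, error) triples that repeat at least `threshold` times within `window`."""
    by_key = defaultdict(list)
    for event in map(parse_event, lines):
        if event and "error" in event:
            by_key[(event.get("realmName"), event.get("clientId"), event["error"])].append(event["ts"])
    bursts = []
    for (realm, client, error), stamps in by_key.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts.append({"realm": realm, "client": client, "error": error,
                               "count": end - start + 1, "first": stamps[start], "last": stamps[end]})
                break  # one report per key is enough
    return bursts


if __name__ == "__main__":
    print(summarize_errors(SAMPLE_LINES))
    for burst in find_error_bursts(SAMPLE_LINES):
        print(f"burst: {burst['count']}x {burst['error']} for {burst['client']}@{burst['realm']} "
              f"between {burst['first']} and {burst['last']}")
```

Run it against `kubectl logs` or Azure Container Apps log output piped to a file; a burst of `expired_code` or `invalid_code` for one client on a multi-node deployment is the signal the question describes and is worth correlating with the cluster membership each node logs at startup.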
