KeyCloak is frequently restarting due to high number of sessions

Owned by Rounak Nayak (Unlicensed), created
Last updated: Nov 17, 2022
1 min read

Version: 1.1.5.x or 1.2.0.x

 Problem

We have observed that sometimes the keycloak starts to auto restart when the number of sessions is too high. This issue leads to other issues in the systems such as an active token automatically becoming invalid as the keycloak session would have been lost due to the auto restart.

 Solution

To solve this token you need to identify the issuer URL in the keycloak first. To identify the same you need to perform the following steps:

  1. Generate an Authentication Token using Auth Manager (Swagger) using a client ID for which the number of tokens is too high

  2. Paste the token in jwt.io and get the issuer URL as shown below

  3. Assuming that the URL in the token is https://external-env-url/auth/realms/mosip, make sure the configurations across the MOSIP modules for issuerURL is configured the same as the above value.

Examples:

Assuming ${mosipbox.public.url} is https://external-env-url

  • In registration-processor-mz.properties:

token.request.issuerUrl=${mosipbox.public.url}/auth/realms/mosip,

  • In id-repository-mz.properties:

credential.request.token.request.issuerUrl=${mosipbox.public.url}/auth/realms/mosip

credential.service.token.request.issuerUrl=${mosipbox.public.url}/auth/realms/mosip

To test this works or not,

  1. Make changes to the issuerURL of the services (where a particular client is used)

  2. Clear all the sessions for that client

  3. Restart the services associated

  4. Run a load test for the service in question

If the sessions in KeyCloak don’t increase exponentially for that client that means the issue has been resolved. You can go ahead and make changes across all the configurations.