KeyCloak is frequently restarting due to high number of sessions
Version: 1.1.5.x or 1.2.0.x
Problem
We have observed that sometimes the keycloak starts to auto restart when the number of sessions is too high. This issue leads to other issues in the systems such as an active token automatically becoming invalid as the keycloak session would have been lost due to the auto restart.
Solution
To solve this token you need to identify the issuer URL in the keycloak first. To identify the same you need to perform the following steps:
Generate an Authentication Token using Auth Manager (Swagger) using a client ID for which the number of tokens is too high
Paste the token in jwt.io and get the issuer URL as shown below
Assuming that the URL in the token is
https://external-env-url/auth/realms/mosip
, make sure the configurations across the MOSIP modules for issuerURL is configured the same as the above value.
Examples:
Assuming ${mosipbox.public.url}
is https://external-env-url
In
registration-processor-mz.properties
:
token.request.issuerUrl=${mosipbox.public.url}/auth/realms/mosip
,
In
id-repository-mz.properties
:
credential.request.token.request.issuerUrl=${mosipbox.public.url}/auth/realms/mosip
credential.service.token.request.issuerUrl=${mosipbox.public.url}/auth/realms/mosip
To test this works or not,
Make changes to the issuerURL of the services (where a particular client is used)
Clear all the sessions for that client
Restart the services associated
Run a load test for the service in question
If the sessions in KeyCloak don’t increase exponentially for that client that means the issue has been resolved. You can go ahead and make changes across all the configurations.