8000 Keycloak not using custom Infinispan config · Issue #39614 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Keycloak not using custom Infinispan config #39614
New issue
New issue
Closed
#39675
Closed
Keycloak not using custom Infinispan config#39614
#39675
Assignees
ahus1
Labels
area/infinispankind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.2.5release/26.3.0team/core-shared
@vikviksecuri

Description

@vikviksecuri
vikviksecuri
opened on May 11, 2025

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

infinispan

Describe the bug

Hello
We recently tried to upgrade from v26.1.3 to v26.2.3 to resolve CVE-2025-3910 and CVE-2025-3501.

We use a destributed cache setup with TCPPING, we were using JDBC_PING but switched to TCPPINg due to CVE-2023-5384.

The newer versions seems to pick up the configuration file and parse it but not use it. Supplying a non existing path or an invalid XML file would throw an error.

Version 26.1.3 showed the following log:

[org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000078: Starting JGroups channel `ISPN` with stack `tcp-ping`

Version 26.2.3 shows the following log:

[org.infinispan.CLUSTER] (main) ISPN000078: Starting JGroups channel `ISPN` with stack `jdbc-ping`

Our setup does not have a JDBC ping configuration so I'm not sure what details the JGroup channel is opened with.

Version

26.2.3

Regression

  • The issue is a regression

Expected behavior

Keycloak to pick up custom cache config file, parse it and use it for JGroup channel creation.

Our configuration looks like

...
    <jgroups>
        <stack name="tcp-ping" extends="tcp">
            <TCP external_addr="${env.JGROUPS_DISCOVERY_EXTERNAL_IP}" bind_port="${env.JGROUPS_DISCOVERY_EXTERNAL_PORT}"/>
            <TCPPING initial_hosts="${env.JGROUPS_DISCOVERY_INITIAL_HOSTS}" port_range="0"
                     stack.combine="REPLACE"
                     stack.position="MPING" />
        </stack>
    </jgroups>
...

Actual behavior

Keycloak picks up custom cache config file, parse it and but seems to use default configuration with JDBC_PING.

How to Reproduce?

Startup Keycloak with a KC_CACHE_CONFIG_FILE pointing to a custom configuration file and KC_CACHE set to ispn.
Ensure the custom configuration file creates a custom stack with an distinctive name.
Look for the Starting JGroups channel ISPN with stack <stack name>

Anything else?

Trying to switch to using JDBC_PING didn't work as it still does not seems to use the custom configuration.

Metadata

Metadata

Assignees

Labels

area/infinispankind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.2.5release/26.3.0team/core-shared

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0