From dba3b00c846407f350889295e5e18a7e172ea62c Mon Sep 17 00:00:00 2001 From: Matthew Helmke Date: Wed, 19 Sep 2018 10:09:02 -0500 Subject: [PATCH] added note about sticky session cookie limitations --- securing_apps/topics/oidc/java/application-clustering.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/securing_apps/topics/oidc/java/application-clustering.adoc b/securing_apps/topics/oidc/java/application-clustering.adoc index 9259d3e41a..b85fa5419f 100644 --- a/securing_apps/topics/oidc/java/application-clustering.adoc +++ b/securing_apps/topics/oidc/java/application-clustering.adoc @@ -40,6 +40,8 @@ Another small limitation is limited support for Single-Sign Out. It works withou application itself as the adapter will delete the KEYCLOAK_ADAPTER_STATE cookie. However, back-channel logout initialized from a different application isn't propagated by {project_name} to applications using cookie store. Hence it's recommended to use a short value for the access token timeout (for example 1 minute). +NOTE: Some load balancers do not allow any configuration of the sticky session cookie name or contents, such as Amazon ALB. For these, it is recommended to set the `shouldAttachRoute` option to `false`. + ===== Relative URI optimization In deployment scenarios where {project_name} and the application is hosted on the same domain (through a reverse proxy or load balancer) it can be