Hi dolph, ayoung, We tried after enabling caching and it does work fine on a single keystone node setup. However on a multi node setup, the revocation tree is rebuilt only on the node which handles the revoke request.. All other trees are stale till each node receives a revoke request. So, there is a possibility of a revoked token being accepted.
Hi dolph, ayoung, We tried after enabling caching and it does work fine on a single keystone node setup. However on a multi node setup, the revocation tree is rebuilt only on the node which handles the revoke request.. All other trees are stale till each node receives a revoke request. So, there is a possibility of a revoked token being accepted.