May 07 2024 by Alexander Schwartz, Ryan Emerson
A single sign-on solution for your customers and employees shouldn’t be a single point of failure in your architecture. At Devoxx France 2024, Ryan Emerson and Alexander Schwartz presented, from an architect’s and a developer’s perspective, how Keycloak approached the problem. They describe which architecture the Keycloak team chose, the challenges they faced and which tools helped along the way. The slides and the recorded video are linked below. Scroll down for additional links and details of the tasks we’re currently working on to further enhance the architecture.
A clustered Keycloak deployment in a single site or datacenter provides sufficient availability for many. However, an increasing number of organizations need to utilize multiple sites for improved resiliency or to meet legal requirements. In 2023, Keycloak overhauled its multi-site capabilities for public and private cloud infrastructures, tested them thoroughly and provided deployment blueprints to the community. As part of the release of Keycloak 24, an active/passive setup is now fully supported.
Read more about it in the new high availability guide published as part of Keycloak’s documentation, and get more tools and background information in the Keycloak Benchmark Project. Since the previous blog post, which covered Keycloak 23, we have made the configuration of such a setup simpler, with fewer options required by Keycloak and the Keycloak Operator. Thank you to everyone who provided feedback along the way, and to those who participated in our survey in early 2023, which guided us in the implementation of this setup.
Still, the journey doesn’t stop here: The team is now working on durable sessions across restarts and upgrades, and a simpler Infinispan architecture which aims to eventually support active/active. Follow these issues and discussions to stay up-to-date with the latest developments, and provide feedback on Keycloak’s nightly builds.