Clustering and Keycloak SAML adapter


I’m trying to solve an issue with SAML authentication on an OpenShift cluster. I use JBoss EAP 7.2 OS images with the Keycloak SAML adapter on two pods.

For some reason we are unable to achieve sticky-session routing in the cluster, so client requests do occasionally switch from one pod to the other.

Is it somehow possible to configure the SAML adapter so that a client doesn’t need to authenticate separately on different EAP nodes in the cluster?

The behaviour that I currently observe is that a client starts to communicate with node A, is redirected to the SSO server and back to node A. Later, when a request is eventually routed to node B, the user is again redirected to the SSO server, which is what I want to avoid.