Keycloak for mobile datacenter with poor network

Hi All,

I have a use case where I need to provide OIDC functionality to a mobile datacentre. This DC has very poor/intermittent internet connectivity.

I have searched the docs, but I don't seem to be able to find my answer.

What I’d really like from Keycloak is to be able to use AzureAD as a user federation location via Keycloak, where Keycloak caches all of the user info and credentials. In the case of an internet outage, the users will be authenticated by Keycloak's caches instead of being authenticated by Azure Active Directory.

Does anyone know if this is possible?

If this is possible, would tokens generated by Keycloak in its disconnected state be able to be validated by Azure AD later when connectivity is restored?



It is not tried yet, but we can import the users in unsync mode; with this, it will not look up AD every time for user authentication. Another approach: we can add an external Infinispan, which stores long-lasting caches.