We are planning to use Keycloak for user authentication and SAML integration for our application running on PostgreSQL. Scenarios of our usage:
- SAML integration with the customer’s IdP to Keycloak SP to our application running on AWS with a PostgreSQL backend.
- Form-based authentication by the customer’s users to our application running on AWS with a PostgreSQL backend.

To achieve this, should I run the Keycloak server on a public subnet with an Elastic IP and hostname (listed as a CNAME in DNS), or should I run the server in a private subnet with an internal IP (listed as an A record in DNS)?