Redundant connection to Keycloak

Hello.

I have two instances of Keycloak running with a shared database and ispn cache for redundancy.

I then have a web client app implemented in Spring Security which works fine when I configure it to go either against instance 1 or instance 2 of Keycloak.

Now I want the web client app to be able to fail over to instance 2 if instance 1 of Keycloak goes down.

My first idea was to implement some dynamic failover configuration in the web client app but that seems to require a lot of custom code which I want to avoid.

The other idea was to hide the Keycloak instances behind a load balancer and use the Spring Cloud components like gateway, discovery and the load balancer.

I tested that solution but I’m having problems getting it to work.

I know it is maybe a bit outside of the Keycloak domain but what are the best practices here, how do people implement redundant connections to Keycloak?

You can’t do failover with different user-facing domains. A load balancer has to distribute the traffic to one or both instances.
Otherwise sessions, passkeys and TOTP tokens will break in spectacular ways, because they are domain bound.

99.999% of IdP deployments use an LB


And the guy that runs the other 0.001% just got fired. :rofl:


Thank you guys for your input.
Please forgive my limited understanding of the cache/clustering handling in Keycloak but I tried to put my view into a sequence diagram.
According to this page [ Keycloak Cluster Setup - Keycloak ] both instances must share the same database.
And according to this page [Configuring distributed caches - Keycloak] the sessions should be distributed among the cluster entities.
So by introducing a load balancer a user could authenticate via instance 1 and get a refresh token from instance 2?
I tried to illustrate the flow in the sequence diagram below, but steps 1 to 24 are the login phase while steps 27 to 33 are the token refresh.

Is this correct?
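As an added illustration of the single-domain setup recommended above (one user-facing hostname in front of both clustered instances), here is an nginx reverse-proxy configuration; it is an example written for this thread, not configuration from any poster or from the Keycloak project. The hostname sso.example.com and the backend names kc1/kc2 are assumed placeholders, and the Keycloak start options listed in the comments are the ones the two instances would need so that both advertise the same issuer and share sessions.

```nginx
# Both Keycloak instances must be started with the SAME public hostname and
# a shared database plus the distributed (ispn) cache, e.g.:
#   KC_HOSTNAME=https://sso.example.com   # identical issuer on both nodes
#   KC_PROXY_HEADERS=xforwarded           # trust X-Forwarded-* from this proxy
#   KC_HTTP_ENABLED=true                  # TLS is terminated here, not on Keycloak
#   KC_CACHE=ispn                         # sessions replicated between nodes
#   KC_DB_URL=<same JDBC URL on both>     # shared realm/user/client storage
# The Spring Security client then uses only
#   issuer-uri: https://sso.example.com/realms/<realm>
# and never sees an individual node.

upstream keycloak {
    # Failover: a node that fails 3 times within 10s is skipped for 10s,
    # so a login started on kc1 can continue (e.g. token refresh) on kc2.
    server kc1:8080 max_fails=3 fail_timeout=10s;
    server kc2:8080 max_fails=3 fail_timeout=10s;
    # Optional: stickiness by client address reduces cross-node cache reads,
    # but with KC_CACHE=ispn it is not required for correctness.
    # ip_hash;
}

server {
    listen 443 ssl;
    server_name sso.example.com;

    ssl_certificate     /etc/nginx/tls/sso.example.com.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/sso.example.com.key;

    location / {
        proxy_pass http://keycloak;

        # Keycloak builds its issuer, redirect and cookie attributes from
        # these headers; without them tokens and cookies bind to the wrong
        # host and the client rejects the "iss" claim after a failover.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port  443;
    }
}
```

A quick check after deploying: fetch https://sso.example.com/realms/<realm>/.well-known/openid-configuration through the proxy with each backend node stopped in turn; the `issuer` and endpoint URLs must be identical in both cases, otherwise the Spring client will reject tokens issued by the surviving node.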