Hello,
I’m writing to you to get your advice on how we should configure levels of users.
Our application is going to be used on the back end by our internal staff, and there’s also a front office application section.
We want extra-secure access for our internal staff, thus right now we are planning on installing one Keycloak instance in the DMZ and installing another, separate one that can be accessed from the internet.
Now, here are my questions:
- If we do consider having those two Keycloaks, should we use them as master and slave? Meaning the external one would use the internal one as an IdP?
- Or should we, on the contrary, have them both in parallel, so that when users authenticate, depending on their origin (issuer), we would be able to try 2 public keys to validate tokens?
- Or do you consider multiplying Keycloaks a heresy, as realms are already made for separating populations and policies, and an externally accessible Keycloak can already be secured enough to guarantee total protection of the internal staff and their data?
What’s your take?
BR
Gregory