Why resource server and auth server should be in different wildfly instance

I have come across the below instructions in getting started guide for keycloak.

The instructions in this guide apply to running WildFly on the same machine as the Keycloak server.
In this situation, even though WildFly is bundled with Keycloak, you cannot use WildFly as an application container.
You must run a separate WildFly instance for your servlet application.
To avoid port conflicts, you need different ports to run Keycloak and WildFly.

My query to you regarding this is why this design decision was made to seperate resource and auth server. Will application fail if i deploy our web app in keycloak running machine itself?

Thanks and Regards,
Sashi

You could I suppose – have separate ports, VIPs etc.

Yes but even then, we can still have multiple servlet mappings for single port right.

For ex: auth can run in 8080/auth, resource can run in 8080/resource.

Why do u think we have condition that resource and auth needs to be seperated? Design decision basis of the documentation steps in keycloak installation…

Security best practices.