A single sign on solution for your customers and employees shouldn't be a single-point-of-failure in your architecture. Keycloak, a popular Open Source Identity and Access Management solution that provides single sign on, amongst other capabilities, is no exception to this.
A clustered Keycloak deployment in a single site or datacenter provides sufficient availability for many. An increasing number of organizations need to utilize multiple sites for improved resiliency or to meet legal requirements. In 2023, Keycloak overhauled its multi-site capabilities for public cloud infrastructures, tested them thoroughly and provided deployment blueprints to the community. They show how to set up an AWS infrastructure and deploy Keycloak across multiple sites.
This talk presents, from an architects and developer perspective, how we approached the problem, which architecture we chose, the challenges we faced and which tools helped us along the way. Expect to dive into concepts like load shedding, cache stampedes, and automated failover. See tools like Gatling, Helm, OpenTelemetry, Kubernetes Operators and AWS infrastructure in action. We will also provide an outlook for the next steps in our journey.
These insights will help you to improve your Keycloak deployments as well as design and test your own applications so they can withstand high load and site failures.