Case: Keycloak domain mode cluster

The client wanted to migrate more and more of its internal and SaaS services to Keycloak but was worried about the lack of high availability in standalone Keycloak. We created Keycloak domain mode clusters for them and integrated them with their FreeIPA Linux domain. This allowed the customer to start using Keycloak authentication for critical services like AWS and Slack, with help from us.

Main technologies

Keycloak

FreeIPA

Puppet

Benefits

High availability

Centralized authentication

Web SSO

Numbers

4 Keycloak instances

2 domain mode clusters

4 FreeIPA masters

1 Starting point

The client had a single-node standalone Keycloak instance running. While it worked well, the client was blocked from integrating critical services such as AWS or Slack because the instance lacked high availability.

2 Project

We started by developing and testing automation code for managing Keycloak domain mode clusters in a testing environment. Once everything worked well, we deployed a staging Keycloak domain mode cluster and integrated it with the client's FreeIPA cluster. Once the staging environment was working, we deployed the production domain mode cluster. As the final step, we migrated away from the original Keycloak standalone instance. This was easy because the Keycloak configurations were all defined as infrastructure code.

3 End result

The Keycloak domain mode cluster enabled the client to start using Keycloak as the authentication and authorization backend for critical services such as AWS and Slack. They used the staging Keycloak domain mode cluster for testing new Keycloak configurations and for integrating new services into Keycloak. Once the testing procedure was complete, the same configuration could be trivially deployed to production.
"Puppeteers helped us resolve our Red Hat Enterprise Linux issue. I'm looking forward to upgrading and improving our clients' production environments and our development setups with their help."
Aarre Pohjola
A&A Consulting Oy, Finland