Univention Bugzilla – Bug 51189
OpenID Connect: Failover
Last modified: 2022-05-10 14:35:42 CEST
The OpenID Connect app base software Kopano konnect does support failover when the encryption keys are identical in any running instance. The App could search for and copy the keys from existing installations in the domain. It would also improve the usability to store OIDC IdP information such as the FQDN (konnect --iss parameter) in LDAP. Currently, that setting has to be configured for every installed app via app settings.
The load balancers must also be configured for a standby-only scenario. This is because temporary data is not being synced between the instances. Hence, in addition to synchronizing the keys, ensure the relevant routes are routed to only one server, and only in case of a failure to another one:
/.well-known/openid-configuration
/konnect/v1
/signin
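An added example, not part of the bug report or of the app's own configuration: the standby-only routing described in the comment above, sketched for HAProxy (the report does not name a load balancer). The host names, certificate and CA paths, and backend port are placeholders, and the sketch assumes the konnect instances are reachable over TLS.

```haproxy
# Added example. All names and paths below are placeholders.
frontend oidc_in
    bind :443 ssl crt /etc/haproxy/certs/idp.example.test.pem
    # The three routes named in the comment above.
    acl oidc_route path_beg /.well-known/openid-configuration /konnect/v1 /signin
    use_backend konnect_standby_only if oidc_route
    # Other paths are out of scope for this sketch; add a default_backend as needed.

backend konnect_standby_only
    # Health check against the discovery document served by each instance.
    option httpchk GET /.well-known/openid-configuration
    http-check expect status 200
    # All traffic goes to the primary. The "backup" server receives requests
    # only while the primary is marked down, so temporary data that is not
    # synced between instances is never split across two live servers.
    server primary primary.example.test:443 ssl verify required ca-file /etc/haproxy/ca/internal-ca.pem check
    server standby standby.example.test:443 ssl verify required ca-file /etc/haproxy/ca/internal-ca.pem check backup
```

Sign-ins that are in progress at the moment of a switch are not carried over to the standby, because the temporary data is not synced.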
Another customer asks for the feature. Ticket number attached.