Description Daniel Duchon 2023-07-11 06:50:50 CEST

The keycloak app documentation says, you can install keycloak multiple times in the domain to "to increase availability and provide failover using the default DNS name ucs-sso-ng.$(hostname -d)" [1].

This falsely suggests that the keycloak app is fail-safe. However, this is only the case if the central keycloak server with the keycloak postgresql database does not go offline.

If this happens, all keycloak installations are no longer usable.

The documentation should further address this circumstance and educate the customer about it. It should also go into more detail about why this decision was made and what the customer can do to make the app actually failsafe.

[1]: https://docs.software-univention.de/keycloak-app/latest/configuration.html#multiple-installations-in-the-domain