[keycloak-dev] Keycloak in Tomcat server

Bill Burke bburke at redhat.com
Mon Nov 30 17:24:09 EST 2015



On 11/30/2015 5:07 PM, Adam Young wrote:
> On 11/26/2015 03:05 AM, Stian Thorgersen wrote:
>> In enterprise they should recommend using a standalone SSO server.
>> It's more secure and scalable. You wouldn't embed your database into
>> Tomcat would you? It's also more reliable and less error prone as you
>> are using the exact bits that we test.
>>
>> It has been achieved in the past, but initially we relied less on
>> features from WildFly. Keycloak server is no longer a WAR that's
>> deployed onto the WildFly app server, instead we rely on the core bits
>> of WildFly to create our own dedicated server.
>>
>> In theory it would be possible to get it to work on top of Tomcat with
>> some considerable amount of effort. However, as we add new features in
>> the future that rely on features in WildFly you would have new issues.
>> Further we would not be able to help you if you have any issues.
>
> Can you document this?  I assume the JMX components are the biggest
> aspect, but what else requires a full JEE app server?  Is there any JMS
> integration?
>
JMX is not involved.

Infinispan (caching), JPA, datasources, servlet, JAX-RS.  Wildfly/JBoss 
is also set to run out of the box in a cluster and manageable in a domain 
(a cluster) out of the box.  Not to mention all the classloader 
isolation you DO NOT get with Tomcat.  Finally, all the built-in patch 
management that comes with Wildfly/JBoss.  Then there are developers that 
will want to deploy integration/extension plugins.  We can also leverage 
Wildfly's deployment engine for that too.

Running Keycloak Auth Server in Tomcat/Jetty would actually not be a 
very smart thing to do.  There are huge advantages to running within 
Wildfly/JBoss.  The only disadvantage is the size of the distro.  There 
is no performance penalty.

We have looked into trimming the Wildfly distro, but nixed that because 
it puts a huge burden on productization.  It's just much easier for them 
if we just layer on top of the full app server.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

