[keycloak-user] Signing Keys in a cluster

Bill Burke bburke at redhat.com
Sat Jan 17 09:32:31 EST 2015


On 1/17/2015 8:54 AM, prab rrrr wrote:
> Hi,
>
> I am in the process of setting up a cluster of keycloak instances, all
> of which are accessible by a single url (fronted by a reverse proxy or
> an alias). So when a client application communicates with the single url
> using either SAML or OpenID Connect, how do we ensure that all the
> keycloak instances use the same set of certificates/keys to sign/encrypt
> the SAML/OpenID Connect response?
>
> Noticed that we can generate a new set of keys for each realm within
> a Keycloak instance but they are different across different instances. Is
> there a way of using the same certificate/keys across all the instances?
>

That shouldn't be the case.  There should be one key pair per realm.
Sounds like you aren't sharing the same database.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
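
Added example, not part of the original message or of Keycloak's code: one way to confirm that every node behind the shared URL presents the same realm key is to fingerprint the key each node reports and group the nodes by fingerprint. It assumes each node's realm document is JSON with a `public_key` field holding a base64 key; the node names, realm name and key bytes below are constructed sample data.

```python
import base64
import hashlib
import json
from collections import defaultdict


def _sample_key(seed):
    # Constructed stand-in for a base64-encoded public key (not a real key).
    return base64.b64encode(hashlib.sha512(seed).digest()).decode()


# Constructed responses, as if fetched from each node directly (bypassing the
# reverse proxy). Nodes 1 and 2 share a database; node 3 has its own.
SAMPLE = {
    "kc-node1.example.internal": json.dumps({"realm": "demo", "public_key": _sample_key(b"db-a")}),
    "kc-node2.example.internal": json.dumps({"realm": "demo", "public_key": _sample_key(b"db-a")}),
    "kc-node3.example.internal": json.dumps({"realm": "demo", "public_key": _sample_key(b"db-b")}),
    "kc-node4.example.internal": "<html>502 Bad Gateway</html>",
}


def key_fingerprint(body):
    """Return the SHA-256 hex digest of the decoded realm key, or None if unreadable."""
    try:
        key_b64 = json.loads(body)["public_key"]
        raw = base64.b64decode("".join(key_b64.split()), validate=True)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    return hashlib.sha256(raw).hexdigest() if raw else None


def check_cluster(responses):
    """Group nodes by realm-key fingerprint and report the ones that disagree."""
    groups, unreadable = defaultdict(list), []
    for node, body in sorted(responses.items()):
        fp = key_fingerprint(body)
        (groups[fp] if fp else unreadable).append(node)
    # The largest group is taken as the reference. Any other group is a node
    # signing with a key the rest of the cluster does not hold.
    ranked = sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return {
        "consistent": len(groups) == 1 and not unreadable,
        "reference": ranked[0][1] if ranked else [],
        "divergent": [n for _, nodes in ranked[1:] for n in nodes],
        "unreadable": unreadable,
    }


if __name__ == "__main__":
    print(json.dumps(check_cluster(SAMPLE), indent=2))
```

A node listed under `divergent` is the symptom described in the reply above: it is not reading the realm from the same database as the others.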

