We're considering attempting the exact same setup, with 2 standalone
keycloaks connected to the same backend DB.
User session is one example. There are some other things, which won't
work. We never tried to test such setup and I wouldn't do it.
From what I've seen, only what's stored in the cache ends up
different, meaning the HA models really only differ in that they have a
distributed cache. Is this correct? Or does it affect the connection to the
From that assumption, seeing the content of
"standalone-ha.xml", I see that
it's mostly session related stuff and
things like loginFailures that end up
in the distributed cache.
Since we have a session cookie, unique for every session, can we use
session stickiness in the reverse-proxy to circumvent most the issues?
Obviously the loginFailures feature wouldn't work all that well, but that
would be acceptable for my use-case.