Hi,

I am in the process of setting up a cluster of keycloak instances, all of which are accessible by a single url (fronted by a reverse proxy or an alias). So when a client application communicates with the single url using either SAML or Openid Connect, how do we ensure that all the keycloak instances use the same set of certificates/keys to sign/encrypt the SAML/OpenID Connect response?

Noticed that we can generate a new set of keys for each realm within Keycloak instance but they are different across different instances. Is there a way of using the same certificate/keys across all the instances?

Appreciate any input.

Thanks,

Raghu