[keycloak-user] Readonly database connection

Marek Posolda mposolda at redhat.com
Fri Dec 6 10:35:46 EST 2019


I never saw the similar use-case, to be limited to only read-only DB. I 
think that everything, which requires some writes won't work. So you 
won't be able to update any realm, client, user etc. Also users won't be 
able to update their passwords, update their profile through account 
management, even login with WebAuthn or HOTP (as both those require DB 
writes during authentication), link with social accounts etc.

I guess that in many scenarios you may see some strange exceptions shown 
in the UI instead of some "nice" message like "You can't update 
password" . That's because we never tried to test the setup like this. 
But you can try and see...

Marek

On 05. 12. 19 8:49, Gunnar Hilling wrote:
> I'm currently setting up a failover scenario with a postgresql
> master/slave (hot-standby) database.
> Using the database "failover" features of wildfly in the datasource I
> can accomplish to failover to the second, readonly database.
> Now I know that certain functions won't be available when the db is readonly.
> Do we have any documentation about use cases that won't work on readonly dbs?
> Or should I just handle the whole scenario manually?
> Kind regards,
> Gunnar
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



More information about the keycloak-user mailing list