An MVP on how to shard Keycloak for massive horizontal parallelization.
This relies on a few pieces working together:
- A mechanism to resolve a `HostRealmIdP` object from a username. In this example, an environment variable is parsed into a static map.
- A custom authorization flow which handles the username before the password is entered. This is realized with the custom `UserForm`.
- An app that can handle dynamic Keycloak backend configuration. This is realized by sneaking a `kc_instance` parameter into the `redirect_uri` and having that parsed by the FE app.
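
Because `kc_instance` arrives in a URL that anyone can craft, one way for the FE app to parse it is to use it only as a key into a fixed list of known Keycloak instances. This is an added example, not the project's own code; the `localhost` hosts, the app URL on port 3000 and the function names are assumptions.

```javascript
// Added example: allowlisted resolution of the kc_instance parameter.
// Instance ids and ports follow the README (kc0 on 8080, kc1 on 8081);
// the localhost host names and all function names are assumptions.
const KC_INSTANCES = new Map([
  ["kc0", "http://localhost:8080"],
  ["kc1", "http://localhost:8081"],
]);
const DEFAULT_INSTANCE = "kc0";

// Returns { id, baseUrl } for the Keycloak instance the app should talk to.
// The parameter is only ever used as a lookup key, never as a URL.
function resolveKeycloakInstance(pageUrl) {
  const values = new URL(pageUrl).searchParams.getAll("kc_instance");
  if (values.length === 0) {
    return { id: DEFAULT_INSTANCE, baseUrl: KC_INSTANCES.get(DEFAULT_INSTANCE) };
  }
  if (values.length > 1) {
    // Repeated parameters are ambiguous; refuse instead of picking one.
    throw new Error("kc_instance given more than once");
  }
  const id = values[0];
  const baseUrl = KC_INSTANCES.get(id); // Map lookup ignores prototype keys
  if (baseUrl === undefined) {
    throw new Error("unknown kc_instance: " + JSON.stringify(id));
  }
  return { id, baseUrl };
}

// Constructed sample URLs, as the app might see them after the redirect back.
const SAMPLES = [
  "http://localhost:3000/?kc_instance=kc1",
  "http://localhost:3000/",
  "http://localhost:3000/?kc_instance=https%3A%2F%2Fidp.attacker.example",
  "http://localhost:3000/?kc_instance=kc0&kc_instance=kc1",
  "http://localhost:3000/?kc_instance=__proto__",
];

// Fails closed: anything not on the allowlist is reported, not defaulted.
function summarize(url) {
  try {
    const { id, baseUrl } = resolveKeycloakInstance(url);
    return `${id} -> ${baseUrl}`;
  } catch (err) {
    return `rejected (${err.message})`;
  }
}

for (const url of SAMPLES) console.log(url, "=>", summarize(url));
```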
To run it:
```
$ ./gradlew start
$ ....
$ cd ./app && npm install && npm run dev
```
- log in with `foo@foo.com` / `foobar`. This will log you in with the default `kc0` (on port 8080)
- log in with `foo@bar.com` / `foobar`: This will log you in on a different Keycloak instance, `kc1` (on port 8081)
- log in with `foo@baz.com`: This will take you to the realm `idp-client` on `kc0`, and because there's an `idp_hint`, it'll take you straight to the realm `idp`, where you log in with the pw `foobar` and are then routed back to `idp-client` and finally back to the app