
Univention and MariaDB Offer Support for the Fail-Safe Operation of Keycloak in UCS

Since last year, the single sign-on solution Keycloak has been a central
component of our identity and access management strategy. With Keycloak,
third-party applications can log on to the system using standard protocols
such as SAML and OpenID Connect. This means that users only have to log on
once centrally and can then access all enabled services.

In the long term, Keycloak will replace our existing solutions SimpleSAMLphp
and Kopano Konnect. The development team is working on the implementation of
further functions. As of December 2022, Keycloak is part of the UCS functional
scope covered by our support. Thus, Keycloak can already be installed as an
app via the App Center today.

Keycloak's Fail-safety and High Availability

Of course, with such a central component, fail-safety and high availability
are important issues. As of today, it is already possible to install Keycloak
multiple times in a UCS domain. In this case, all installations are accessible
under the same name in the network and share login sessions. This allows load
balancing in the domain and provides a certain degree of fail-safety. All
instances also share the same configuration.

In the default installation of the app, the configuration is stored in a
central database on a UCS system. To make Keycloak truly fail-safe and highly
available, this must therefore also apply to the database system, i.e. it must
be operated as a cluster. UCS does not provide such a cluster for Keycloak out
of the box. However, the Keycloak app can be configured to use an external
database.

In principle, it is possible to run a cluster with the databases provided by
UCS. However, the setup is not trivial and UCS does not provide any simple
options for this. Administrators must not only build this setup but also
operate it themselves.

MariaDB Offers Support for Cluster Operation

This is where MariaDB comes into play. The enterprise
version of MariaDB, set up together with an SQL proxy in the same network as a
cluster, allows a highly available database setup that can be used by
Keycloak.

MariaDB and Univention have now entered into technical cooperation that allows
us to offer our customers comprehensive support for the fail-safe and highly
available use of Keycloak on UCS.

Stefan Schmit, Sr. Solution Engineer at MariaDB plc, points out:

With the MariaDB Enterprise Server in combination with our SQL proxy
MaxScale, we offer a highly available database architecture that corrects
failures immediately. Together with Univention and our support, you get a
highly available database for Keycloak's critical workload and on multiple
platforms, be it on-prem, private cloud (ex. VMware, Kubernetes) or public
cloud (AWS, Google Cloud) as Database-as-a-Service (DBaaS) SkySQL.

If you have any questions about MariaDB, or its combined use with UCS or
Keycloak, please feel free to ask in the comments section of our blog.

The post Univention and MariaDB Offer Support for the Fail-Safe Operation
of Keycloak in UCS first appeared on Univention.


Posted by SourceForge Robot 2023-09-01
