by n_kr 2008 days ago
Keycloak is great software, and I am thankful to Red Hat for keeping it open source and maintaining it. But I do not believe that a production deployment of Keycloak with HA, backups, customization, integrations, upgrades etc. is easy at all. It takes time and planning to get it right. Depending on the constraints, it isn't obvious to me why it would win by default over SaaS alternatives, or simpler on-premises alternatives like OP's.

> HA, backups, customization, integrations, upgrades etc

I confirm that; we had a bunch of problems with upgrades in one product. In the long term, Keycloak introduced more headaches for ops than we devs had implementing integrations with Auth0 or Okta. That was before KC10.

Curious what sorts of headaches there were in this. We're currently in the process of implementing KC12 using the Docker image and a User Storage SPI (our users exist in our legacy master database, which is synced from an external billing system), and it's looking so far like it'll be a fairly simple setup. This is basically just acting as an OAuth shim between our primary database and an external service provider in our case, which I imagine keeps the complexity down. But I'm wondering what you might have run into that we haven't yet. Thanks!