[snuxoll]

Keycloak supports multi-tenancy natively with realms. There is a fixed memory cost for each, but it’s not like you have to spin up an entirely new instance for each.

I will agree that the SPI interfaces for Keycloak could be better, but especially with the new Quarkus distribution it’s stupidly easy to setup and has 99% of what you need out of the box.

[rad_gruchalski]

> Keycloak supports multi-tenancy natively with realms. There is a fixed memory cost for each, but it’s not like you have to spin up an entirely new instance for each.

Yes, I know. I use Keycloak in production. All realms sit on one instance. As do all clients. It can get really heavy and really slow really fast, especially with resource servers. I am aware of replication but that is basically replicating the whole instance.

The other not so nice thing about the SPI is that custom providers are loaded into the main Java process and that comes with all the pitfalls of class loading, shading, uber jars. It’s a mess. Try building a log adapter to push data to Kafka or over grpc. Dragons.

Keycloak is nice for out of the box stuff but integration can get pretty messy.