aws-samples / keycloak-on-aws

This is a solution for deploying Keycloak to AWS with high availability.

Home Page: https://www.amazonaws.cn/solutions/keycloak-on-aws/


(examples/api-gw/serverless-lambda-auth): auth0 error Error: Can't find key for kid "tDRvItnG83Fqo9hJL2WKyWgQMf5rp8nWm7hOFdWNSiE" in response.

wchaws opened this issue · comments

Steps:

  1. Deploy CloudFormation template
  2. Import realm-export.json
  3. Open vue-ui
  4. Login to user1
  5. Click "request" button

Symptoms:

  • Sometimes the request succeeds, sometimes the request fails

This may be due to Keycloak NOT being fully HA deployed. Currently, the Keycloak session totally depends on the ALB sticky session, which is OK for user login because your browser will attach the ALB cookie on your behalf.

But the Lambda authorizer will acquire JWKs from Keycloak at https://<keycloak-domain>/auth/realms/keycloak-on-aws/protocol/openid-connect/certs. However, this process behaves differently from a browser. It will not attach the ALB cookie. So, the ALB will forward to either A or B.


After re-deploying the Keycloak stack, I cannot reproduce this issue now.
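
The failure mode hypothesized in the issue, reproduced with a simulated ALB, next to a key lookup that tolerates it. This is an added example, not code from the keycloak-on-aws repository or from the authorizer library. It assumes the two nodes really do publish different signing keys, and every name in it (`NODE_A`, `NODE_B`, `makeRoundRobinFetcher`, `naiveGetKey`, `JwksResolver`) is hypothetical. The JWKS fetch is modeled as a synchronous function so the block runs offline.

```javascript
// Added example; all names and key data are constructed.
// Two Keycloak nodes that, as the issue hypothesizes, publish different keys.
const NODE_A = { keys: [{ kid: "kid-node-a", kty: "RSA", use: "sig" }] };
const NODE_B = { keys: [{ kid: "kid-node-b", kty: "RSA", use: "sig" }] };

// Models the ALB for a client that sends no sticky cookie: round-robin per call.
// In a real authorizer this would be an HTTPS GET of the realm's certs endpoint.
function makeRoundRobinFetcher(nodes) {
  let i = 0;
  const fetcher = () => { fetcher.calls++; return nodes[i++ % nodes.length]; };
  fetcher.calls = 0;
  return fetcher;
}

// Naive lookup: one fetch, fail if the kid is absent (the error in the title).
function naiveGetKey(kid, fetchJwks) {
  const key = fetchJwks().keys.find((k) => k.kid === kid);
  if (!key) throw new Error(`Can't find key for kid "${kid}" in response.`);
  return key;
}

// Tolerant lookup: cache keys by kid across invocations and refetch on a miss.
// The fetch cap stops tokens with unknown kids from driving unbounded requests.
// A production cache would also expire entries so rotated-out keys age out.
class JwksResolver {
  constructor(fetchJwks, maxFetches = 3) {
    this.fetchJwks = fetchJwks;
    this.maxFetches = maxFetches;
    this.cache = new Map();
  }
  getKey(kid) {
    for (let n = 0; !this.cache.has(kid) && n < this.maxFetches; n++) {
      for (const k of this.fetchJwks().keys) {
        if (k.use === "sig") this.cache.set(k.kid, k); // merge, never replace
      }
    }
    const key = this.cache.get(kid);
    if (!key) throw new Error(`No key for kid "${kid}" after ${this.maxFetches} fetches`);
    return key;
  }
}
```

A client-side retry only masks the symptom. If the nodes do serve different key sets, the deployment itself needs fixing so that every node publishes the same JWKS.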