[keycloak-user] Multi Tenancy
Travis De Silva
traviskds at gmail.com
Sat Feb 22 22:46:19 EST 2014
I just read the discussions on KEYCLOAK-292 on the developer mailing list.
http://lists.jboss.org/pipermail/keycloak-dev/2014-February/001378.html
The concept of creating an application under the keycloak-admin realm for
each realm created looks interesting.
When it comes to multi tenancy, I think the issue is around the application
installation process. If there is a way where we don't have to provide
individual application level keycloak.json's or WildFly/JBoss subsystem
XML's, then we are getting closer to multi tenancy. I am thinking can this
be done at a keycloak top level or the ability to use wildcards for the
resource elements in the json.
Is LiveOak a multi tenancy platform? Wondering if they would need such a
feature.
On Sun, Feb 23, 2014 at 2:22 PM, Travis De Silva <traviskds at gmail.com>wrote:
> I was initially under the impression that I can configure realms as
> tenants and use KeyCloak for applications that are designed for multi
> tenancy.
>
> But now I have discovered that this is not possible, at least not possible
> to do it on demand. I hope I am wrong and someone can correct me.
>
> Basically what I was trying to do was, when someone signs up to my
> application platform, I was going to create a realm programmatically via
> the API. Hence the feature request I raised to have a realm level admin
> https://issues.jboss.org/browse/KEYCLOAK-292
>
> But that means, I will then have to either configure my Wildfly
> standalone.xml config with the new realm or add the installation json to my
> war and redeploy it. This is obviously not ideal for a on demand multi
> tenant application.
>
> Maybe using Roles and create unique roles per tenant which hopefully I can
> do programatically via the API. I think I might be able to get something
> going like this but it just feels very hacky and not elegant.
>
> Is there any other elegant way? Is Keycloak designed for multi tenancy
> environments?
>
> Cheers
> Travis
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140223/6322d2cc/attachment.html
More information about the keycloak-user
mailing list