[keycloak-user] Multitenancy for WAR

Bill Burke bburke at redhat.com
Fri May 30 12:05:09 EDT 2014 

I don't what the different between a tenant and a realm would be in your 
example.

On 5/30/2014 5:28 AM, Nils Preusker wrote:
> Hi Bill,
>
> what I was thinking of was tenants as nested element within a realm.
>
> We'd like to be able to add tenants at runtime. That's where I see a
> problem with multi-realm support, since realms are "hardcoded" in the
> keycloak.json. So if you add a realm in the admin-console, with
> multi-realm support you'd still have to modify the deployed WAR by
> adding the new realm to the keycloak.json file.
>
> I was thinking of a structure like this:
>
> |- realm
> |  |-users
> |     |-realm-level-user-1
> |     |-...
> |-tenants
> |  |-tenant-1
> |  |  |-users
> |  |  |  |-tenant-level-user-1
> |  |  |  |-...
>
> Let me know what you think!
> Cheers,
> Nils
>
>
>
>
>
>
>
>
> On Thu, May 29, 2014 at 11:04 PM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
>     Somebody else was asking for this feature.  We may have to add it beta 2
>     even though I wanted to have a feature freeze.
>
>     How did you expect it to work?  One guy wanted to discover realm per
>     request via parsing the URL.  Another guy just wanted multi-realm
>     support for bearer-only services.
>
>
>     On 5/29/2014 4:54 PM, Nils Preusker wrote:
>      > Hi,
>      >
>      > first of all, congrats on the beta 1 release!
>      >
>      > Here's my question: I have a WAR with a REST API that I'm
>     securing with
>      > Keycloak. Now I'd like to add multitenancy support.
>      >
>      > If I understand the concept in keycloak correctly, I would
>     somehow have
>      > to have several realms in the keycloak.json and the web.xml of
>     the war,
>      > right? However there is just one realm-name attribute in the
>     web.xml and
>      > the structure of keycloak.json also looks like it is intended for one
>      > realm. Am I missing something?
>      >
>      > Cheers,
>      > Nils
>      >
>      >
>      >
>      >
>      > _______________________________________________
>      > keycloak-user mailing list
>      > keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>      > https://lists.jboss.org/mailman/listinfo/keycloak-user
>      >
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-user mailing list