[keycloak-user] WG: AW: AW: multi tenant configuration with 1.3.1?

Hipfinger Martin (BCC.ÖBB.TicketShop.MA) Martin.Hipfinger at oebb.at
Mon Aug 3 08:31:16 EDT 2015 



In our current setup, each tenant is using several realms. Each tenant is using it’s own database. This setup fits exactly to our needs. However, we’d need 1.3.1 features, so I’m searching for the best fitting new setup.



@ multi-tenancy example: after following the steps mentioned in the example, I see the urls configured in the “tenant-realm”

[cid:image001.png at 01D0C52C.EADCB4B0]



The url of the client-id multi-tenant brings 404

The url of the client-id security-admin-console and account brings the login page, but the user user-tenant1 cannot login (we’re sorry – no access)







-----Ursprüngliche Nachricht-----
Von: Stian Thorgersen [mailto:stian at redhat.com]
Gesendet: Mittwoch, 22. Juli 2015 13:46
An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)
Betreff: Re: AW: AW: [keycloak-user] multi tenant configuration with 1.3.1?



Yes, multi-tenancy is based on realms. Why would we need two levels of multi-tenancy?



I'd need more info about what your problem is to be able to help you out with the multi-tenancy example



----- Original Message -----

> From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"

> <Martin.Hipfinger at oebb.at<mailto:Martin.Hipfinger at oebb.at>>

> To: "Stian Thorgersen" <stian at redhat.com<mailto:stian at redhat.com>>

> Sent: Wednesday, 22 July, 2015 1:41:05 PM

> Subject: AW: AW: [keycloak-user] multi tenant configuration with 1.3.1?

>

> But i don't understand the multi tenancy concept then - is it based

> just on realms? However, I couldn't get this example working either

> https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant

>

> -----Ursprüngliche Nachricht-----

> Von: Stian Thorgersen [mailto:stian at redhat.com]

> Gesendet: Mittwoch, 22. Juli 2015 13:34

> An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)

> Betreff: Re: AW: [keycloak-user] multi tenant configuration with 1.3.1?

>

> Ah, sorry thought you where talking about providers. We don't support

> overlays and really never have, it was an experimental feature. You

> should configure Keycloak through standalone/configuration/keycloak-server.json.

>

> ----- Original Message -----

> > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"

> > <Martin.Hipfinger at oebb.at<mailto:Martin.Hipfinger at oebb.at>>

> > To: "Stian Thorgersen" <stian at redhat.com<mailto:stian at redhat.com>>

> > Sent: Wednesday, 22 July, 2015 1:30:12 PM

> > Subject: AW: [keycloak-user] multi tenant configuration with 1.3.1?

> >

> > Hi,

> >

> > i've already done that for sure - but cannot see the necessary

> > steps; would you please be so kind and point me to the right direction?

> >

> > br,

> > Martin

> >

> > -----Ursprüngliche Nachricht-----

> > Von: Stian Thorgersen [mailto:stian at redhat.com]

> > Gesendet: Mittwoch, 22. Juli 2015 13:23

> > An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)

> > Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>

> > Betreff: Re: [keycloak-user] multi tenant configuration with 1.3.1?

> >

> > Read the manual:

> > http://keycloak.github.io/docs/userguide/html/Migration_from_older_v

> > er

> > sions.html#d4e3319

> >

> > ----- Original Message -----

> > > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"

> > > <Martin.Hipfinger at oebb.at<mailto:Martin.Hipfinger at oebb.at>>

> > > To: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>

> > > Sent: Wednesday, 22 July, 2015 1:07:54 PM

> > > Subject: [keycloak-user] multi tenant configuration with 1.3.1?

> > >

> > >

> > >

> > > Hi,

> > >

> > >

> > >

> > > we’re running keycloak 1.1 with several overlays – in detail:

> > >

> > >

> > >

> > > - A new datasource per overlay

> > >

> > > /opt/keycloak/bin/jboss-cli.sh --commands="connect, data-source

> > > add --name= xxx DS --connection-url=jdbc:oracle:thin:@

> > > xxxxx:1522:xxxxx --jndi-name=java:jboss/datasources/ xxx DS

> > > --driver-name=ojdbc --password= xxx --user-name= XXX "

> > >

> > >

> > >

> > > - A new auth-server entry

> > >

> > > /opt/keycloak/bin/jboss-cli.sh --commands="connect,

> > > /subsystem=keycloak/auth-server= xxx -server/:add(web-context= xxx

> > > , enabled=true)"

> > >

> > >

> > >

> > > - An own keycloak-server.json

> > >

> > > "connectionsJpa": {

> > >

> > > "default": {

> > >

> > > "dataSource": "java:jboss/datasources/ xxx DS",

> > >

> > > "databaseSchema": "update"

> > >

> > > }

> > >

> > > }

> > >

> > > "connectionsInfinispan": {

> > >

> > > "default" : {

> > >

> > > "cacheContainer" : "java:jboss/infinispan/ xxx Keycloak"

> > >

> > > }

> > >

> > >

> > >

> > > /opt/keycloak/bin/jboss-cli.sh --commands=”connect,

> > > /subsystem=keycloak/auth-server= xxx

> > > -server:update-server-config(bytes-to-upload=/opt/keycloak/standal

> > > on

> > > e/

> > > configuration/keycloak-server-

> > > xxx .json,overwrite=true)”

> > >

> > >

> > >

> > > This configuration isn’t supported anymore with 1.3.1 - do you

> > > have any hint for me, how to achieve a similar config with 1.3.1?

> > >

> > >

> > >

> > > br,

> > >

> > > Martin

> > >

> > >

> > >

> > >

> > >

> > > _______________________________________________

> > > keycloak-user mailing list

> > > keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>

> > > https://lists.jboss.org/mailman/listinfo/keycloak-user

> >

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150803/f9042574/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 41829 bytes
Desc: image001.png
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150803/f9042574/attachment-0001.png

More information about the keycloak-user mailing list