[keycloak-user] [keycloak-dev] Keycloak 1.6.0.Final Released
bburke at redhat.com
Wed Oct 21 11:43:21 EDT 2015
On 10/21/2015 9:53 AM, Patrick Andreas Näf wrote:
> Here i have a similar requirement for a saas application. Need to have a
> single login form for all users and when the user logs in, i have to
> descide to which tenant (and server) a user belongs. Then i do a
> redirect to the right server / tenant.
> It's the same way most saas applications works (one login screen, then
> you get redirected to the right server / application).
> If we want to have one single login form for all tenants, then we can
> only have the users in the same realm i think, because you must be sure
> that all the users are unique.
> But we also need a way to let a user log in into several tenants with
> the same user. For that i plan to add a role for every tenant. If a user
> has several such roles, he must choose to which tenant he wants to connect.
> The application makes sure only a user with the correct role can use a
> Maybe there is a better way to solve that?
> The best way to solve it would be to allow a user to be in more than one
> realm and support a way to test in which realms a user is. Then we can
> login the user and test the realm(s).
> But i think that wouldn't be possible because the hole design is
> different. Maybe a "super realm" is possible that is a container for
> such users?
We originally took this route with Keycloak. The idea that Keycloak
could be a SAAS...But we decided that the best way to deploy Keycloak in
the cloud would be to create a cloud instance of Keycloak per
organization. In Red Hat OpenShift terms: Keycloak would be a
cartridge and the organization could opt to install it within their
The reason for this is to isolate one paying customer from a different
one. You probably don't want them sharing database instances, IP
If that is not possible, we can discuss other possibilities. Right now
though Realm is a completely isolated unit. Users belong to one realm
and one realm only.
JBoss, a division of Red Hat
More information about the keycloak-user