[keycloak-user] Some Keycloak Questions
Stian Thorgersen
sthorger at redhat.com
Wed Jul 20 08:35:03 EDT 2016
On 20 July 2016 at 12:58, Tobias Schmidt <freez3 at me.com> wrote:
> Hi,
>
> is there a solution for this issue?
> https://issues.jboss.org/browse/KEYCLOAK-3067
>
> We trapped in exactly this problem by using Keycloak with too many realms,
> maybe we haven't understood how to use it in the right way.
> We have the need to have many Users with different grants per realm, we
> trying to have as many realms as possible and 20 realms per server instance
> will not work for us.
>
There's no short term solution planned for that issue. In the long term
we're getting rid of the master realm so this issue will go away. Keycloak
has not been designed for a large amount of realms though and we had
initially thought there would be only a handful realms per-server.
>
>
> Is there a List or a statement, why we should not use the Wildfly overlay
> for our needs?
> Found the statement on the website: http://www.keycloak.org/downloads.html
> "Overlay - Server add-on for WildFly. Not recommended in production."
>
There's 3 main reasons - a specific version of Keycloak is only tested to
with one specific version of WildFly so you may have issues when upgrading
in the future. Second reason is that your configurations and your
applications may conflict with Keycloak server's needs. Finally your IdP
should be isolated from your applications as this reduces the chance of
there being vulnerabilities.
>
>
> Thank you for your patience.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160720/efc52174/attachment.html
More information about the keycloak-user
mailing list