[keycloak-user] Picketlink -> Keycloak
Bill Burke
bburke at redhat.com
Wed Jul 20 15:16:04 EDT 2016
Define "tenant" and what it accomplishes and how you are using tiers to
implement this functionality and I might be able to help.
On 7/20/16 2:41 PM, Keith Dev wrote:
> I'm moving a web application with REST services from Picketlink to
> Keycloak. This is a multi-tenant application (1k+ tenants) where
> single user accounts can belong to multiple tenants. In Picketlink,
> this was accomplished using Tiers. So there is a single realm, but one
> Tier per tenant. It's not clear what the analog is in Keycloak.
>
> We considered multiple realms, but both the number of tenants and the
> hard requirement to allow a single user cross tenants seem to make
> this a nonstarter.
>
> The best idea we have so far is to have a single realm, but create
> namespaced security artifacts: e.g. Tenant1.Admins. This is not ideal
> as we were hoping for more separation between tenants. I did see this
> <http://lists.jboss.org/pipermail/keycloak-dev/2013-July/000116.html> which
> suggests that Picketlink Tiers equate to Resources, but it's not clear
> how. Certainly there does not seem to be any separation of security
> artifacts within a Resource per se.
>
> Advice?