[keycloak-user] Multi tenant on a given resource

DES PLAS Leonore leonore.desplas at soprasteria.com
Tue Sep 25 08:18:39 EDT 2018 

Thank you for your answer, and my bad I had already seen the java multi tenancy part but misread it !

For the angular side, we are still looking for a good solution... 
once found, we will post it there but in the meantime if someone has implemented that feel free to tell us how =)

-----Message d'origine-----
De : Marek Posolda <mposolda at redhat.com> 
Envoyé : mardi 25 septembre 2018 09:33
À : DES PLAS Leonore <leonore.desplas at soprasteria.com>; keycloak-user at lists.jboss.org
Objet : Re: [keycloak-user] Multi tenant on a given resource

For servlet adapters, there is this: 
https://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy

For javascript adapters, it is nothing out of the box. Based on your requirements, you can probably "listen" on the request and then based on the fragment path, you can create an appropriate instance of "Keycloak" 
object which will point either to Keycloak1 or Keycloak2 server.

Marek

On 24/09/18 18:06, DES PLAS Leonore wrote:
> Hi there,
>
> We are wondering how to achieve "multi tenant" on a resource.
> We have a spring boot backend with an angular front end, and are using Spring Security and keycloak-angular adapters.
>
> We have one keycloak used to authenticate and authorize users to the application, that configuration is ok.
> But now, for a set of resources (angular paths and REST services), we need to authenticate to an other Keycloak server, which we don't know much of because it is somebody else's.
> How can we handle having 2 different Keycloak for a set a resources?
> How can we tell in Spring Boot and Angular which AccessToken is the right one ?
> Is it possible to check if AccessToken is valid on 2 different Keycloak and only for some paths ?
>
> At first, we thought about user federation... but we don't want to be able to log in to the application just with the 2nd Keycloak. We have to be logged in with the first Keycloak on all paths, and for some paths we want to also be logged in to the 2nd Keycloak.
>
> Thank you for your time,
>
> Léonore DES PLAS MATTEI
> Ingénieure Etudes et Développement - Aix en Provence SIG
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list