<div dir="ltr">Hi Bill,<div><br></div><div>what I was thinking of was tenants as a nested element within a realm.</div><div><br></div><div>We'd like to be able to add tenants at runtime. That's where I see a problem with multi-realm support, since realms are "hardcoded" in the keycloak.json. So if you add a realm in the admin-console, with multi-realm support you'd still have to modify the deployed WAR by adding the new realm to the keycloak.json file.</div>
<div><br></div><div>I was thinking of a structure like this:</div><div><br></div><div>|- realm</div><div>| |-users</div><div>| |-realm-level-user-1</div><div>| |-...</div><div>|-tenants</div><div>| |-tenant-1</div>
<div>| | |-users</div><div>| | | |-tenant-level-user-1</div><div>| | | |-...</div><div><br></div><div>Let me know what you think!</div><div>Cheers,</div><div>Nils</div><div><br></div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 29, 2014 at 11:04 PM, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Somebody else was asking for this feature. We may have to add it in beta 2<br>
even though I wanted to have a feature freeze.<br>
<br>
How did you expect it to work? One guy wanted to discover realm per<br>
request via parsing the URL. Another guy just wanted multi-realm<br>
support for bearer-only services.<br>
<div><div class="h5"><br>
<br>
On 5/29/2014 4:54 PM, Nils Preusker wrote:<br>
> Hi,<br>
><br>
> first of all, congrats on the beta 1 release!<br>
><br>
> Here's my question: I have a WAR with a REST API that I'm securing with<br>
> Keycloak. Now I'd like to add multitenancy support.<br>
><br>
> If I understand the concept in keycloak correctly, I would somehow have<br>
> to have several realms in the keycloak.json and the web.xml of the war,<br>
> right? However there is just one realm-name attribute in the web.xml and<br>
> the structure of keycloak.json also looks like it is intended for one<br>
> realm. Am I missing something?<br>
><br>
> Cheers,<br>
> Nils<br>
><br>
><br>
><br>
><br>
</div></div>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</font></span></blockquote></div><br></div>
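<div>Added example, not part of the original thread and not Keycloak code: a sketch of the "discover realm per request via parsing the URL" idea, with realms registered at runtime instead of being fixed in keycloak.json. The class and record names, the /api/{tenant}/ path layout and the sample URLs are assumptions; the issuer comparison keeps a bearer token minted for one tenant's realm from being accepted on another tenant's path.</div>

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical sketch: pick the realm for each request from the URL path. */
public class TenantRealmResolver {
    /** Per-realm settings; expectedIssuer is the issuer value tokens of that realm must carry. */
    public record RealmConfig(String realm, String expectedIssuer) {}

    // Assumed layout /api/{tenant}/...; the tenant segment is limited to a safe alphabet
    // so that a path can never select anything except a registry key.
    private static final Pattern TENANT_PATH =
            Pattern.compile("^/api/([a-z0-9][a-z0-9-]{0,62})(/.*)?$");

    // Runtime registry: adding a tenant does not require changing the deployed WAR.
    private final Map<String, RealmConfig> realms = new ConcurrentHashMap<>();

    public void register(RealmConfig config) {
        realms.put(config.realm(), config);
    }

    /** Config for the tenant named in the path; empty for malformed paths or unknown tenants. */
    public Optional<RealmConfig> resolve(String requestPath) {
        Matcher m = TENANT_PATH.matcher(requestPath);
        if (!m.matches()) {
            return Optional.empty();
        }
        return Optional.ofNullable(realms.get(m.group(1)));
    }

    /** Accept a bearer token only if its issuer belongs to the realm the URL resolved to. */
    public boolean issuerMatches(String requestPath, String tokenIssuer) {
        return resolve(requestPath)
                .map(c -> c.expectedIssuer().equals(tokenIssuer))
                .orElse(false);
    }

    public static void main(String[] args) {
        TenantRealmResolver r = new TenantRealmResolver();
        // Constructed sample tenants, registered at runtime.
        r.register(new RealmConfig("tenant-1", "https://sso.example.test/realms/tenant-1"));
        r.register(new RealmConfig("tenant-2", "https://sso.example.test/realms/tenant-2"));

        String path = "/api/tenant-1/orders";
        System.out.println(r.resolve(path).isPresent());
        System.out.println(r.issuerMatches(path, "https://sso.example.test/realms/tenant-1"));
        System.out.println(r.issuerMatches(path, "https://sso.example.test/realms/tenant-2"));
        System.out.println(r.resolve("/api/../admin").isPresent());
    }
}
```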