<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 20 July 2016 at 12:58, Tobias Schmidt <span dir="ltr"><<a href="mailto:freez3@me.com" target="_blank">freez3@me.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><p style="color:#000000;font-family:SFNSText,'Helvetica Neue',Helvetica,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:300;letter-spacing:normal;line-height:15.75pt;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background:white"><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black">Hi,</span></p><p style="color:#000000;font-family:SFNSText,'Helvetica Neue',Helvetica,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:300;letter-spacing:normal;line-height:15.75pt;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background:white"><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black">is there a solution for this issue? </span><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black"><a href="https://issues.jboss.org/browse/KEYCLOAK-3067" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-3067</a></span></p><p style="color:#000000;font-family:SFNSText,'Helvetica Neue',Helvetica,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:300;letter-spacing:normal;line-height:15.75pt;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background:white"><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black">We trapped in exactly this problem by using Keycloak with too many realms, maybe we haven't understood how to use it in the right way. <br>We have the need to have many Users with different grants per realm, we trying to have as many realms as possible and 20 realms per server instance will not work for us.</span></p></div></div></blockquote><div> There's no short term solution planned for that issue. In the long term we're getting rid of the master realm so this issue will go away. Keycloak has not been designed for a large amount of realms though and we had initially thought there would be only a handful realms per-server.<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><p style="color:#000000;font-family:SFNSText,'Helvetica Neue',Helvetica,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:300;letter-spacing:normal;line-height:15.75pt;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background:white"><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black"> </span></p><p style="color:#000000;font-family:SFNSText,'Helvetica Neue',Helvetica,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:300;letter-spacing:normal;line-height:15.75pt;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background:white"><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black">Is there a List or a statement, why we should not use the Wildfly overlay for our needs?<br>Found the statement on the website: </span><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black"><a href="http://www.keycloak.org/downloads.html" target="_blank">http://www.keycloak.org/downloads.html</a></span><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black"><br>"Overlay - Server add-on for WildFly. Not recommended in production."</span></p></div></div></blockquote><div><br></div><div>There's 3 main reasons - a specific version of Keycloak is only tested to with one specific version of WildFly so you may have issues when upgrading in the future. Second reason is that your configurations and your applications may conflict with Keycloak server's needs. Finally your IdP should be isolated from your applications as this reduces the chance of there being vulnerabilities.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><p style="color:#000000;font-family:SFNSText,'Helvetica Neue',Helvetica,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:300;letter-spacing:normal;line-height:15.75pt;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background:white"><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black"> </span></p><p style="color:#000000;font-family:SFNSText,'Helvetica Neue',Helvetica,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:300;letter-spacing:normal;line-height:15.75pt;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background:white"><span style="font-size:11.5pt;font-family:Helvetica,sans-serif;color:black">Thank you for your patience.</span></p></div></div><br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div></div>