----- Original Message -----
From: "Juraci Paixão Kröhling" <juraci(a)kroehling.de>
To: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 28 July, 2015 8:12:14 AM
Subject: Re: [keycloak-dev] RFC: organizations
Scott,
On 07/28/2015 04:12 AM, Scott Rehorn wrote:
> Proposal: introduce a new entity called "organizations" to provide a
> means of delivering specific claim values to authenticated users known
> in that organization
>
> Rationale: in our group at Dell Software, we have to support the notion
> of tenancy within a single realm, but we are trying to avoid the term
> ‘tenant’ as it’s too overloaded. Our typical use case is to use
> Keycloak+our extensions as an external system which acts as identity
> broker for a constrained set of IdPs and claims authority for users. If
> we use realm-per-organization, then we wind up with a large set of
> repeated IdP configurations. By introducing an entity for
> “organizations” then we have a centralized place to store metadata for
> users and related client/RP instances.
We have a *very* similar use case and we have implemented the notion of
"Organizations" (and "Personas") in Hawkular, in a module named
"Hawkular Accounts". In our case, a user can belong to multiple
organizations, and can have different roles within each organization
("Super User" in "Operations", but "Monitor" on
"Marketing").
Can you not already model that in Keycloak by having separate clients for
"Operations" and "Marketing" with the corresponding roles?
If our use cases converge, I think we should work together on this.
Our code is currently located here and includes some documentation about
how it works and what our use case is:
https://github.com/hawkular/hawkular-accounts
- Juca.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev