Re: [keycloak-dev] Multi tenant review
I've pushed the changes to master. It was also an opportunity to re-test
our new multitenancy feature! I fixed few things, so now multitenancy
should work on EAP 6.3 too (it seems it was tested just on wildfly 8.1
until now) .
Marek
On 31.10.2014 10:56, Marek Posolda wrote:
>> I am not sure too TBH:-)
>> >>
>> >>Right now we have realm name available on AccessToken in "iss",
so atm
>> >>the realm property on KeycloakSecurityContext is redundant. However
it's
>> >>unclear if we still have it as it's possible that it's not
compatible
>> >>with some 3rd party OIDC providers like Google, so in the future, we
>> >>would need to change this to URL. Quite related to parallel thread
"1.1
>> >>adapters no longer backward compatible" .
>> >>
>> >>My vote is to remove realm property from KeycloakSecurityContext for now
>> >>and implement getRealm method like:
>> >>
>> >> public String getRealm() {
>> >> return token.getIssuer();
>> >> }
>> >>
>> >>I think that if we need in the future issuer to contain URL, we will
>> >>probably anyway add another "custom" property to AccessToken
containing
>> >>realm name.
>> >>
>> >>Thoughts?
> >Sounds sensible to me
Great, I am going to change it this way.
Marek