11:06 a.m.
Hi there,
We are wondering how to achieve "multi tenant" on a resource.
We have a spring boot backend with an angular front end, and are using Spring Security and
keycloak-angular adapters.
We have one keycloak used to authenticate and authorize users to the application, that
configuration is ok.
But now, for a set of resources (angular paths and REST services), we need to authenticate
to an other Keycloak server, which we don't know much of because it is somebody
else's.
How can we handle having 2 different Keycloak for a set a resources?
How can we tell in Spring Boot and Angular which AccessToken is the right one ?
Is it possible to check if AccessToken is valid on 2 different Keycloak and only for some
paths ?
At first, we thought about user federation... but we don't want to be able to log in
to the application just with the 2nd Keycloak. We have to be logged in with the first
Keycloak on all paths, and for some paths we want to also be logged in to the 2nd
Keycloak.
Thank you for your time,
Léonore DES PLAS MATTEI
Ingénieure Etudes et Développement - Aix en Provence SIG
2:32 a.m.
For servlet adapters, there is this:
https://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy
For javascript adapters, it is nothing out of the box. Based on your
requirements, you can probably "listen" on the request and then based on
the fragment path, you can create an appropriate instance of "Keycloak"
object which will point either to Keycloak1 or Keycloak2 server.
Marek
On 24/09/18 18:06, DES PLAS Leonore wrote:
Hi there,
We are wondering how to achieve "multi tenant" on a resource.
We have a spring boot backend with an angular front end, and are using Spring Security
and keycloak-angular adapters.
We have one keycloak used to authenticate and authorize users to the application, that
configuration is ok.
But now, for a set of resources (angular paths and REST services), we need to
authenticate to an other Keycloak server, which we don't know much of because it is
somebody else's.
How can we handle having 2 different Keycloak for a set a resources?
How can we tell in Spring Boot and Angular which AccessToken is the right one ?
Is it possible to check if AccessToken is valid on 2 different Keycloak and only for some
paths ?
At first, we thought about user federation... but we don't want to be able to log in
to the application just with the 2nd Keycloak. We have to be logged in with the first
Keycloak on all paths, and for some paths we want to also be logged in to the 2nd
Keycloak.
Thank you for your time,
Léonore DES PLAS MATTEI
Ingénieure Etudes et Développement - Aix en Provence SIG
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:18 a.m.
Thank you for your answer, and my bad I had already seen the java multi tenancy part but
misread it !
For the angular side, we are still looking for a good solution...
once found, we will post it there but in the meantime if someone has implemented that feel
free to tell us how =)
-----Message d'origine-----
De : Marek Posolda <mposolda(a)redhat.com>
Envoyé : mardi 25 septembre 2018 09:33
À : DES PLAS Leonore <leonore.desplas(a)soprasteria.com>;
keycloak-user(a)lists.jboss.org
Objet : Re: [keycloak-user] Multi tenant on a given resource
For servlet adapters, there is this:
https://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy
For javascript adapters, it is nothing out of the box. Based on your requirements, you can
probably "listen" on the request and then based on the fragment path, you can
create an appropriate instance of "Keycloak"
object which will point either to Keycloak1 or Keycloak2 server.
Marek
On 24/09/18 18:06, DES PLAS Leonore wrote:
Hi there,
We are wondering how to achieve "multi tenant" on a resource.
We have a spring boot backend with an angular front end, and are using Spring Security
and keycloak-angular adapters.
We have one keycloak used to authenticate and authorize users to the application, that
configuration is ok.
But now, for a set of resources (angular paths and REST services), we need to
authenticate to an other Keycloak server, which we don't know much of because it is
somebody else's.
How can we handle having 2 different Keycloak for a set a resources?
How can we tell in Spring Boot and Angular which AccessToken is the right one ?
Is it possible to check if AccessToken is valid on 2 different Keycloak and only for some
paths ?
At first, we thought about user federation... but we don't want to be able to log in
to the application just with the 2nd Keycloak. We have to be logged in with the first
Keycloak on all paths, and for some paths we want to also be logged in to the 2nd
Keycloak.
Thank you for your time,
Léonore DES PLAS MATTEI
Ingénieure Etudes et Développement - Aix en Provence SIG
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2270
days inactive
2271
days old
2 comments
2 participants
participants (2)
-
DES PLAS Leonore -
Marek Posolda