Hi Bill,
What I was thinking of was tenants as a nested element within a realm.
We'd like to be able to add tenants at runtime. That's where I see a
problem with multi-realm support, since realms are "hardcoded" in the
keycloak.json. So if you add a realm in the admin-console, with multi-realm
support you'd still have to modify the deployed WAR by adding the new realm
to the keycloak.json file.
I was thinking of a structure like this:
|- realm
| |-users
| |-realm-level-user-1
| |-...
|-tenants
| |-tenant-1
| | |-users
| | | |-tenant-level-user-1
| | | |-...
Let me know what you think!
Cheers,
Nils
On Thu, May 29, 2014 at 11:04 PM, Bill Burke <bburke(a)redhat.com> wrote:
Somebody else was asking for this feature. We may have to add it beta 2
even though I wanted to have a feature freeze.
How did you expect it to work? One guy wanted to discover realm per
request via parsing the URL. Another guy just wanted multi-realm
support for bearer-only services.
On 5/29/2014 4:54 PM, Nils Preusker wrote:
> Hi,
>
> first of all, congrats on the beta 1 release!
>
> Here's my question: I have a WAR with a REST API that I'm securing with
> Keycloak. Now I'd like to add multitenancy support.
>
> If I understand the concept in keycloak correctly, I would somehow have
> to have several realms in the keycloak.json and the web.xml of the war,
> right? However there is just one realm-name attribute in the web.xml and
> the structure of keycloak.json also looks like it is intended for one
> realm. Am I missing something?
>
> Cheers,
> Nils
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com