Re: [keycloak-user] Multi Tenancy

So you want to bind a URL to a specific adapter configuration? <secured-deployment> might have a <url-pattern> and/or keycloak.json might be expanded to do the same. url-pattern could be /foo/bar/* or even /foo/bar/{realm}/* and keycloak adapter would pull and match a realm configuration based on this? More comments inline On 2/24/2014 2:28 PM, Travis De Silva wrote: There's just no way around a large number of adapter profiles in your scenario. Each realm has its own public key in which to verify tokens with. Each of these public keys must be known to the adapter. FYI: Originally we were going to have Keycloak as a SaaS option hosted as one server on Openshift sso.keycloak.org or something. Users would have been able to register and create their own realms. It was decided that users might be a little scared of the idea of one database holding everybody's security metadata, so the idea switched to writing a cartridge which you could configure solely for your organization. I guess what I'm saying is that a cartridge approach might be best in most scenarios. Still I want to support your usecase as best we can. BTW, I really appreciate the feedback. Without users trying our stuff and giving us ideas on how they would like to use Keycloak, we'll never be successful. Thanks. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com