Here i have a similar requirement for a saas application. Need to
have a single login form for all users and when the user logs in, i
have to descide to which tenant (and server) a user belongs. Then i
do a redirect to the right server / tenant.
It's the same way most saas applications works (one login screen,
then you get redirected to the right server / application).
If we want to have one single login form for all tenants, then we
can only have the users in the same realm i think, because you must
be sure that all the users are unique.
But we also need a way to let a user log in into several tenants
with the same user. For that i plan to add a role for every tenant.
If a user has several such roles, he must choose to which tenant he
wants to connect.
The application makes sure only a user with the correct role can use
a tenant.
Maybe there is a better way to solve that?
The best way to solve it would be to allow a user to be in more than
one realm and support a way to test in which realms a user is. Then
we can login the user and test the realm(s).
But i think that wouldn't be possible because the hole design is
different. Maybe a "super realm" is possible that is a container for
such users?
Best regards,
Patrick
Am 21.10.2015 um 14:46 schrieb Stian
Thorgersen:
I think the first question to ask is do you want to
share users and config between tenants? If you do you should
have a single realm, if not you should have separate realms.
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Näf ITCom AG
Patrick Andreas Näf
CEO / Owner
MSc ETH Inf.-Ing.
Höhenweg 7
4917 Melchnau
web: www.naef-itcom.ch