Hi,
We are an open-source company with an ERP-based system built with a
microservices approach.
We want to implement SSO and RBAC for our system (for both cloud and
on-premise). Earlier we were thinking of running one instance per customer, but
that would be overkill and too difficult to manage.
Second, we decided to create one realm per customer, but that hits a ceiling
when adding more realms in one instance.
So we experimented and came up with the idea of creating one database per
customer and dynamically linking it with the Keycloak instance based on the
subdomain of the authentication URL.
By default, Keycloak uses a datasource to store different data like user
information etc., and this is configured in the standalone.xml configuration
file. Our idea is to have a custom datasource configured here instead of
the actual database. This custom datasource can be a microservice or some
application or a custom provider which handles the part of pointing to
different datasources (one per customer) based on a unique parameter. This
way we can achieve a clear separation between multiple customers and
implement multi-tenancy.
Could someone who has worked on something similar before let us know if
this is possible and point us in the right direction?
Thank you!
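
The subdomain-to-datasource lookup described in the message above, as an added illustration that is not part of the original post and is not Keycloak code. The class name, the base domain `auth.example.com` and the datasource names are assumptions; the lookup fails closed when the host does not map to exactly one known customer.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

// Added illustration (not Keycloak code): picks a per-customer datasource from the request host.
public final class TenantDatasourceRouter {
    // A single DNS label: lowercase letters, digits, inner hyphens, at most 63 characters.
    private static final Pattern LABEL = Pattern.compile("[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?");

    private final String suffix;                    // "." + base domain of the authentication URL
    private final Map<String, String> datasources;  // customer subdomain -> datasource name

    public TenantDatasourceRouter(String baseDomain, Map<String, String> datasources) {
        this.suffix = "." + baseDomain.toLowerCase(Locale.ROOT);
        this.datasources = Map.copyOf(datasources);
    }

    // Returns the customer's datasource name, or empty when the host maps to no known customer.
    public Optional<String> resolve(String hostHeader) {
        if (hostHeader == null) return Optional.empty();
        String host = hostHeader.trim().toLowerCase(Locale.ROOT);
        int colon = host.lastIndexOf(':');
        if (colon >= 0) host = host.substring(0, colon);     // drop an optional port
        if (!host.endsWith(suffix)) return Optional.empty(); // wrong or spoofed base domain
        String tenant = host.substring(0, host.length() - suffix.length());
        // Exactly one label: rejects empty, nested ("a.b") and malformed subdomains.
        if (!LABEL.matcher(tenant).matches()) return Optional.empty();
        return Optional.ofNullable(datasources.get(tenant)); // unknown customer -> empty
    }

    public static void main(String[] args) {
        // Constructed sample values: base domain and JNDI names are hypothetical.
        TenantDatasourceRouter router = new TenantDatasourceRouter("auth.example.com", Map.of(
                "acme", "java:jboss/datasources/AcmeDS",
                "globex", "java:jboss/datasources/GlobexDS"));
        String[] hosts = {"acme.auth.example.com", "GLOBEX.auth.example.com:8443",
                "unknown.auth.example.com", "acme.auth.example.com.evil.test", "a.acme.auth.example.com"};
        for (String h : hosts) {
            // A request that resolves to empty must be rejected, never sent to a default database.
            System.out.println(h + " -> " + router.resolve(h).orElse("REJECT"));
        }
    }
}
```

The first two constructed hosts resolve to their customer's datasource; the other three are rejected because the customer is unknown, the base domain does not match, or the subdomain is nested.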