I just read the discussions on KEYCLOAK-292 on the developer mailing list.
http://lists.jboss.org/pipermail/keycloak-dev/2014-February/001378.html
The concept of creating an application under the keycloak-admin realm for
each realm created looks interesting.
When it comes to multi tenancy, I think the issue is around the application
installation process. If there is a way where we don't have to provide
individual application level keycloak.json files or WildFly/JBoss subsystem
XMLs, then we are getting closer to multi tenancy. I am wondering whether this
can be done at a Keycloak top level or with the ability to use wildcards for
the resource elements in the JSON.
Is LiveOak a multi tenancy platform? Wondering if they would need such a
feature.
On Sun, Feb 23, 2014 at 2:22 PM, Travis De Silva <traviskds(a)gmail.com> wrote:
I was initially under the impression that I can configure realms as
tenants and use Keycloak for applications that are designed for multi
tenancy.
But now I have discovered that this is not possible, at least not possible
to do it on demand. I hope I am wrong and someone can correct me.
Basically what I was trying to do was, when someone signs up to my
application platform, I was going to create a realm programmatically via
the API. Hence the feature request I raised to have a realm level admin
https://issues.jboss.org/browse/KEYCLOAK-292
But that means I will then have to either configure my WildFly
standalone.xml config with the new realm or add the installation JSON to my
WAR and redeploy it. This is obviously not ideal for an on-demand multi
tenant application.
Maybe using roles and creating unique roles per tenant, which hopefully I can
do programmatically via the API. I think I might be able to get something
going like this but it just feels very hacky and not elegant.
Is there any other elegant way? Is Keycloak designed for multi tenancy
environments?
Cheers
Travis