I just read the discussions on KEYCLOAK-292 on the developer mailing list. http://lists.jboss.org/pipermail/keycloak-dev/2014-February/001378.html

The concept of creating an application under the keycloak-admin realm for each realm created looks interesting.

When it comes to multi tenancy, I think the issue is around the application installation process. If there is a way where we don't have to provide individual application-level keycloak.json files or WildFly/JBoss subsystem XMLs, then we are getting closer to multi tenancy. I am thinking: can this be done at a Keycloak top level, or with the ability to use wildcards for the resource elements in the JSON?

Is LiveOak a multi tenancy platform? Wondering if they would need such a feature.  


On Sun, Feb 23, 2014 at 2:22 PM, Travis De Silva <traviskds@gmail.com> wrote:
I was initially under the impression that I can configure realms as tenants and use Keycloak for applications that are designed for multi tenancy.

But now I have discovered that this is not possible, at least not possible to do it on demand. I hope I am wrong and someone can correct me.

Basically what I was trying to do was, when someone signs up to my application platform, I was going to create a realm programmatically via the API. Hence the feature request I raised to have a realm level admin https://issues.jboss.org/browse/KEYCLOAK-292

But that means I will then have to either configure my WildFly standalone.xml config with the new realm or add the installation JSON to my WAR and redeploy it. This is obviously not ideal for an on-demand multi-tenant application.

Maybe using roles and creating unique roles per tenant, which hopefully I can do programmatically via the API. I think I might be able to get something going like this, but it just feels very hacky and not elegant.

Is there any other elegant way? Is Keycloak designed for multi tenancy environments?

Cheers
Travis