Sorry, I just noticed that my example was wrong...

here is what I meant:

|- realm
|  |-users
|  |  |-realm-level-user-1
|  |  |-...
|  |-tenants
|  |  |-tenant-1
|  |  |  |-users
|  |  |  |  |-tenant-level-user-1
|  |  |  |  |-...

However, nested realms would be an alternative I guess.

Cheers,
Nils



On Fri, May 30, 2014 at 8:12 PM, Nils Preusker <n.preusker@gmail.com> wrote:
Hi Bill,

I guess you are right, there isn't really a difference. It would just be important to be able to add realms at runtime. Are you suggesting to have nested realms (just replacing tenant with realm in my previous example)?

Does that make more sense?
Cheers,
Nils


On Fri, May 30, 2014 at 6:05 PM, Bill Burke <bburke@redhat.com> wrote:
I don't what the different between a tenant and a realm would be in your
example.

On 5/30/2014 5:28 AM, Nils Preusker wrote:
> Hi Bill,
>
> what I was thinking of was tenants as nested element within a realm.
>
> We'd like to be able to add tenants at runtime. That's where I see a
> problem with multi-realm support, since realms are "hardcoded" in the
> keycloak.json. So if you add a realm in the admin-console, with
> multi-realm support you'd still have to modify the deployed WAR by
> adding the new realm to the keycloak.json file.
>
> I was thinking of a structure like this:
>
> |- realm
> |  |-users
> |     |-realm-level-user-1
> |     |-...
> |-tenants
> |  |-tenant-1
> |  |  |-users
> |  |  |  |-tenant-level-user-1
> |  |  |  |-...
>
> Let me know what you think!
> Cheers,
> Nils
>
>
>
>
>
>
>
>
> On Thu, May 29, 2014 at 11:04 PM, Bill Burke <bburke@redhat.com
> <mailto:bburke@redhat.com>> wrote:
>
>     Somebody else was asking for this feature.  We may have to add it beta 2
>     even though I wanted to have a feature freeze.
>
>     How did you expect it to work?  One guy wanted to discover realm per
>     request via parsing the URL.  Another guy just wanted multi-realm
>     support for bearer-only services.
>
>
>     On 5/29/2014 4:54 PM, Nils Preusker wrote:
>      > Hi,
>      >
>      > first of all, congrats on the beta 1 release!
>      >
>      > Here's my question: I have a WAR with a REST API that I'm
>     securing with
>      > Keycloak. Now I'd like to add multitenancy support.
>      >
>      > If I understand the concept in keycloak correctly, I would
>     somehow have
>      > to have several realms in the keycloak.json and the web.xml of
>     the war,
>      > right? However there is just one realm-name attribute in the
>     web.xml and
>      > the structure of keycloak.json also looks like it is intended for one
>      > realm. Am I missing something?
>      >
>      > Cheers,
>      > Nils
>      >
>      >
>      >
>      >
>      > _______________________________________________
>      > keycloak-user mailing list
>      > keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>      > https://lists.jboss.org/mailman/listinfo/keycloak-user
>      >
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user