2:12 a.m.
----- Original Message -----
From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"
<Martin.Hipfinger(a)oebb.at>
To: keycloak-user(a)lists.jboss.org
Sent: Monday, 3 August, 2015 2:31:16 PM
Subject: [keycloak-user] WG: AW: AW: multi tenant configuration with 1.3.1?
In our current setup, each tenant is using several realms. Each tenant is
using it’s own database. This setup fits exactly to our needs. However, we’d
need 1.3.1 features, so I’m searching for the best fitting new setup.
For those scenarios we assume the use of separate Keycloak instances using for example
OpenShift or Docker.
It's very unlikely that we'd support configuring different databases for different
realms or bringing in additional concepts of tenants than a realm.
@ multi-tenancy example: after following the steps mentioned in the example,
I see the urls configured in the “tenant-realm”
The url of the client-id multi-tenant brings 404
The url of the client-id security-admin-console and account brings the login
page, but the user user-tenant1 cannot login (we’re sorry – no access)
Did you follow the readme for the multi-tenancy example? It specifies the urls to visit
for each "tenant".
-----Ursprüngliche Nachricht-----
Von: Stian Thorgersen [ mailto:stian@redhat.com ]
Gesendet: Mittwoch, 22. Juli 2015 13:46
An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)
Betreff: Re: AW: AW: [keycloak-user] multi tenant configuration with 1.3.1?
Yes, multi-tenancy is based on realms. Why would we need two levels of
multi-tenancy?
I'd need more info about what your problem is to be able to help you out with
the multi-tenancy example
----- Original Message -----
> From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"
> < Martin.Hipfinger(a)oebb.at >
> To: "Stian Thorgersen" < stian(a)redhat.com >
> Sent: Wednesday, 22 July, 2015 1:41:05 PM
> Subject: AW: AW: [keycloak-user] multi tenant configuration with 1.3.1?
>
> But i don't understand the multi tenancy concept then - is it based
> just on realms? However, I couldn't get this example working either
> https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant
>
> -----Ursprüngliche Nachricht-----
> Von: Stian Thorgersen [ mailto:stian@redhat.com ]
> Gesendet: Mittwoch, 22. Juli 2015 13:34
> An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)
> Betreff: Re: AW: [keycloak-user] multi tenant configuration with 1.3.1?
>
> Ah, sorry thought you where talking about providers. We don't support
> overlays and really never have, it was an experimental feature. You
> should configure Keycloak through
> standalone/configuration/keycloak-server.json.
>
> ----- Original Message -----
> > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"
> > < Martin.Hipfinger(a)oebb.at >
> > To: "Stian Thorgersen" < stian(a)redhat.com >
> > Sent: Wednesday, 22 July, 2015 1:30:12 PM
> > Subject: AW: [keycloak-user] multi tenant configuration with 1.3.1?
> >
> > Hi,
> >
> > i've already done that for sure - but cannot see the necessary
> > steps; would you please be so kind and point me to the right direction?
> >
> > br,
> > Martin
> >
> > -----Ursprüngliche Nachricht-----
> > Von: Stian Thorgersen [ mailto:stian@redhat.com ]
> > Gesendet: Mittwoch, 22. Juli 2015 13:23
> > An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)
> > Cc: keycloak-user(a)lists.jboss.org
> > Betreff: Re: [keycloak-user] multi tenant configuration with 1.3.1?
> >
> > Read the manual:
> > http://keycloak.github.io/docs/userguide/html/Migration_from_older_v
> > er
> > sions.html#d4e3319
> >
> > ----- Original Message -----
> > > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"
> > > < Martin.Hipfinger(a)oebb.at >
> > > To: keycloak-user(a)lists.jboss.org
> > > Sent: Wednesday, 22 July, 2015 1:07:54 PM
> > > Subject: [keycloak-user] multi tenant configuration with 1.3.1?
> > >
> > >
> > >
> > > Hi,
> > >
> > >
> > >
> > > we’re running keycloak 1.1 with several overlays – in detail:
> > >
> > >
> > >
> > > - A new datasource per overlay
> > >
> > > /opt/keycloak/bin/jboss-cli.sh --commands="connect, data-source
> > > add --name= xxx DS --connection-url=jdbc:oracle:thin:@
> > > xxxxx:1522:xxxxx --jndi-name=java:jboss/datasources/ xxx DS
> > > --driver-name=ojdbc --password= xxx --user-name= XXX "
> > >
> > >
> > >
> > > - A new auth-server entry
> > >
> > > /opt/keycloak/bin/jboss-cli.sh --commands="connect,
> > > /subsystem=keycloak/auth-server= xxx -server/:add(web-context= xxx
> > > , enabled=true)"
> > >
> > >
> > >
> > > - An own keycloak-server.json
> > >
> > > "connectionsJpa": {
> > >
> > > "default": {
> > >
> > > "dataSource": "java:jboss/datasources/ xxx DS",
> > >
> > > "databaseSchema": "update"
> > >
> > > }
> > >
> > > }
> > >
> > > "connectionsInfinispan": {
> > >
> > > "default" : {
> > >
> > > "cacheContainer" : "java:jboss/infinispan/ xxx
Keycloak"
> > >
> > > }
> > >
> > >
> > >
> > > /opt/keycloak/bin/jboss-cli.sh --commands=”connect,
> > > /subsystem=keycloak/auth-server= xxx
> > > -server:update-server-config(bytes-to-upload=/opt/keycloak/standal
> > > on
> > > e/
> > > configuration/keycloak-server-
> > > xxx .json,overwrite=true)”
> > >
> > >
> > >
> > > This configuration isn’t supported anymore with 1.3.1 - do you
> > > have any hint for me, how to achieve a similar config with 1.3.1?
> > >
> > >
> > >
> > > br,
> > >
> > > Martin
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user