On 24. 09. 19 15:15, Matteo Restelli wrote:
For your interest.
We've evaluated internally the usage of many realms for customers and
we've encountered many issues, both on the frontend application (admin
console loading was really slow with 150-200 realms) and on the
backend (in the code there are places where it iterates between
realms, loading a lot of stuff). The cache helps, but I think that,
for supporting multirealms, there should be some refactoring /
redesign of some components.
In addition, I think that some features like the sharing of a client
between realms (think of many tenants accessing the same single page
application, with the same client) need to be added.
BTW. Not sure it helps with your use-case, but we have some multitenancy
on the adapter side too:
https://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy
Marek
The segregation of realms is a really cool feature, but could cause
problems in a multi realm scenario (maybe introducing, also, some
hierarchical relationships between realms could be useful).
Have a nice day,
Matteo
On Tue, Sep 24, 2019 at 2:45 PM Marek Posolda <mposolda(a)redhat.com> wrote:
Hi,
there is no change in this area. A big number of realms can still be an
issue. We plan some refactoring of the storage layer in the near future
(1-2 years as a very rough estimate) and that should help to address the
multitenancy use-case among other things.
Marek
On 23. 09. 19 9:14, Litom Segal wrote:
> We are considering using Keycloak in a multi-tenant fashion.
> Each of our customer's account has its own users, and applications
> installed, and we also provide services API's consumed by various clients.
> We will have a large number of tenants.
> I found an open issue from 2017 that mentions that Keycloak may have some
> scalability issues with a large number of realms.
> https://issues.jboss.org/browse/KEYCLOAK-4593
>
> And also this thread from 2016,
> https://lists.jboss.org/pipermail/keycloak-user/2016-October/008033.html,
> that states that "Keycloak was not designed to support multi-tenancy
> directly."..."In that regards we have never tested with high amounts of
> realms as we expect there to be few realms (up to 10 most likely)."
>
> I was wondering if there was any progress on the multi-tenancy use case, and
> are there any best practices on how to set up Keycloak to support it.
>
> On the other hand, is there any other approach to handle our use-case?
> Thanks,
> Litom
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user