Hi,
currently we have implemented an own Resolver that loads the "keycloak.json"
configuration by extracting the realm name from the issuer element of the token because
the realm name is not explicitly mapped. But I think it is possible to implement a custom
protocol mapper to map the realm explicitly to the token.
It is not finally clarified how to load the configuration dynamically from a wildfly
subsystem.
- sascha
-----Ursprüngliche Nachricht-----
Von: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
Im Auftrag von Juraci Paixão Kröhling
Gesendet: Montag, 26. Oktober 2015 18:18
An: keycloak-user(a)lists.jboss.org
Betreff: Re: [keycloak-user] MultiTenancy / MultiRealms
On 10/16/2015 02:00 PM, Sascha Skorupa wrote:
we want to authenticate users from different realms in one
client/application. We looked at the multitenancy example but there
the realms are distinguished by the requested URL. In our case the
users send tokens to the application from different issuers. Is there
any recommendation how to handle this?
If you are able to determine the realm from the token, then you can just implement your
own KeycloakConfigResolver.
http://git.io/vW6kF
- Juca.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user