From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)" <Martin.Hipfinger(a)oebb.at&gt; To: keycloak-user(a)lists.jboss.org Sent: Monday, 3 August, 2015 2:31:16 PM Subject: [keycloak-user] WG: AW: AW: multi tenant configuration with 1.3.1? In our current setup, each tenant is using several realms. Each tenant is using it’s own database. This setup fits exactly to our needs. However, we’d need 1.3.1 features, so I’m searching for the best fitting new setup.

@ multi-tenancy example: after following the steps mentioned in the example, I see the urls configured in the “tenant-realm” The url of the client-id multi-tenant brings 404 The url of the client-id security-admin-console and account brings the login page, but the user user-tenant1 cannot login (we’re sorry – no access)

-----Ursprüngliche Nachricht----- Von: Stian Thorgersen [ mailto:stian@redhat.com ] Gesendet: Mittwoch, 22. Juli 2015 13:46 An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA) Betreff: Re: AW: AW: [keycloak-user] multi tenant configuration with 1.3.1? Yes, multi-tenancy is based on realms. Why would we need two levels of multi-tenancy? I'd need more info about what your problem is to be able to help you out with the multi-tenancy example ----- Original Message ----- > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)" > < Martin.Hipfinger(a)oebb.at > > To: "Stian Thorgersen" < stian(a)redhat.com > > Sent: Wednesday, 22 July, 2015 1:41:05 PM > Subject: AW: AW: [keycloak-user] multi tenant configuration with 1.3.1? > > But i don't understand the multi tenancy concept then - is it based > just on realms? However, I couldn't get this example working either > https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant > > -----Ursprüngliche Nachricht----- > Von: Stian Thorgersen [ mailto:stian@redhat.com ] > Gesendet: Mittwoch, 22. Juli 2015 13:34 > An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA) > Betreff: Re: AW: [keycloak-user] multi tenant configuration with 1.3.1? > > Ah, sorry thought you where talking about providers. We don't support > overlays and really never have, it was an experimental feature. You > should configure Keycloak through > standalone/configuration/keycloak-server.json. > > ----- Original Message ----- > > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)" > > < Martin.Hipfinger(a)oebb.at > > > To: "Stian Thorgersen" < stian(a)redhat.com > > > Sent: Wednesday, 22 July, 2015 1:30:12 PM > > Subject: AW: [keycloak-user] multi tenant configuration with 1.3.1? > > > > Hi, > > > > i've already done that for sure - but cannot see the necessary > > steps; would you please be so kind and point me to the right direction? > > > > br, > > Martin > > > > -----Ursprüngliche Nachricht----- > > Von: Stian Thorgersen [ mailto:stian@redhat.com ] > > Gesendet: Mittwoch, 22. Juli 2015 13:23 > > An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA) > > Cc: keycloak-user(a)lists.jboss.org > > Betreff: Re: [keycloak-user] multi tenant configuration with 1.3.1? > > > > Read the manual: > > http://keycloak.github.io/docs/userguide/html/Migration_from_older_v > > er > > sions.html#d4e3319 > > > > ----- Original Message ----- > > > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)" > > > < Martin.Hipfinger(a)oebb.at > > > > To: keycloak-user(a)lists.jboss.org > > > Sent: Wednesday, 22 July, 2015 1:07:54 PM > > > Subject: [keycloak-user] multi tenant configuration with 1.3.1? > > > > > > > > > > > > Hi, > > > > > > > > > > > > we’re running keycloak 1.1 with several overlays – in detail: > > > > > > > > > > > > - A new datasource per overlay > > > > > > /opt/keycloak/bin/jboss-cli.sh --commands="connect, data-source > > > add --name= xxx DS --connection-url=jdbc:oracle:thin:@ > > > xxxxx:1522:xxxxx --jndi-name=java:jboss/datasources/ xxx DS > > > --driver-name=ojdbc --password= xxx --user-name= XXX " > > > > > > > > > > > > - A new auth-server entry > > > > > > /opt/keycloak/bin/jboss-cli.sh --commands="connect, > > > /subsystem=keycloak/auth-server= xxx -server/:add(web-context= xxx > > > , enabled=true)" > > > > > > > > > > > > - An own keycloak-server.json > > > > > > "connectionsJpa": { > > > > > > "default": { > > > > > > "dataSource": "java:jboss/datasources/ xxx DS", > > > > > > "databaseSchema": "update" > > > > > > } > > > > > > } > > > > > > "connectionsInfinispan": { > > > > > > "default" : { > > > > > > "cacheContainer" : "java:jboss/infinispan/ xxx Keycloak" > > > > > > } > > > > > > > > > > > > /opt/keycloak/bin/jboss-cli.sh --commands=”connect, > > > /subsystem=keycloak/auth-server= xxx > > > -server:update-server-config(bytes-to-upload=/opt/keycloak/standal > > > on > > > e/ > > > configuration/keycloak-server- > > > xxx .json,overwrite=true)” > > > > > > > > > > > > This configuration isn’t supported anymore with 1.3.1 - do you > > > have any hint for me, how to achieve a similar config with 1.3.1? > > > > > > > > > > > > br, > > > > > > Martin > > > > > > > > > > > > > > > > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user(a)lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user