[ https://issues.jboss.org/browse/TEIID-5780?page=com.atlassian.jira.plugin... ]
Steven Hawkins commented on TEIID-5780:
---------------------------------------
Is there an option we can explore with ServiceAccount that has
permissions on both containers?
That gets complicated as well. Presumably the Teiid pod will be configured to use
keycloak, whereas the pg container will have its own user store with an admin
account generated at deployment time.
- We simply glean the pg admin credentials and put special handling in our
username/password authentication to grant that user admin access. This is very similar to
the ssl cert approach in that the principal we're authenticating will not exist in the
Teiid realm. As with the ssl case there's a chance that this username will collide
with a user in the realm which would be very confusing from a logging perspective. Note
that it is possible to assume that this user belongs to a different security-domain /
realm, but most of our logic no longer reports that as part of the username...
- We require the creation of an admin account in the realm, and then also configure pg to
use keycloak or some other identity assertion mechanism. This doesn't seem that easy,
and it could be a manual task to add the admin user. If that account gets disabled for
any reason all materialization for any vdb using that realm will be broken.
Do you see another option?
Support certificate based authentication into Teiid pg
------------------------------------------------------
Key: TEIID-5780
URL: https://issues.jboss.org/browse/TEIID-5780
Project: Teiid
Issue Type: Sub-task
Components: ODBC
Reporter: Steven Hawkins
Assignee: Steven Hawkins
Priority: Major
Fix For: 12.3
To support the pg connection into Teiid we will do something like:
- require a pg secure port using the service signing certificate: TEIIDSB-90 TEIIDSB-92
-- one clarification is that we must document how to make the pg cert dominant if both pg
and jdbc secure are used
TODO:
- configure the pg instance to have a service signing certificate and trust the Teiid
service signing certificate. If that trust seems too difficult we can just configure the
connection to trust all.
- configure the pg connection to Teiid to use the pg service signing certificate as the
client certificate
- trust the pg service signing certificate at the Teiid service - we need hostname
validation to be enabled and the Teiid server to map the service host name to an
authenticated user (this could possibly be generalized via keycloak support to more
users).
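The last TODO step (hostname validation plus mapping the pg service host name to an authenticated user) and the collision concern from the comment above, as an added illustration that is not Teiid's code: the cert has already been chain-verified by the TLS layer, so this only decides which principal a verified client certificate becomes. The host name `pg.teiid-example.svc`, the user `materialization-admin` and the domain tag `pg-service` are made-up placeholders.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns once the
# TLS layer has verified the chain against the trusted service signing CA.
PG_PEER_CERT = {
    "subject": ((("commonName", "pg.teiid-example.svc"),),),
    "subjectAltName": (
        ("DNS", "pg.teiid-example.svc"),
        ("DNS", "pg.teiid-example.svc.cluster.local"),
    ),
}

# Hypothetical mapping of trusted pg service host names to the user they act as.
# Mapped principals carry their own domain tag so they never read as a realm
# (keycloak) user in logs or authorization decisions.
SERVICE_HOST_MAP = {"pg.teiid-example.svc": "materialization-admin"}
SERVICE_DOMAIN = "pg-service"


@dataclass(frozen=True)
class Principal:
    name: str
    domain: str

    def qualified(self) -> str:
        return f"{self.name}@{self.domain}"


def san_dns_names(peer_cert: dict) -> list:
    """Only SAN dNSName entries count; a CN on its own is not a host assertion."""
    return [v.lower() for k, v in peer_cert.get("subjectAltName", ()) if k == "DNS"]


def map_client_cert(peer_cert: dict, realm_users: set) -> Optional[Principal]:
    """Return the principal for a hostname-validated client cert, or None.

    Exact matches only (no wildcard names), and a mapping whose user name
    shadows an existing realm user is refused instead of being silently
    merged with that user.
    """
    for name in san_dns_names(peer_cert):
        if "*" in name:
            continue  # a wildcard name never identifies one service host
        user = SERVICE_HOST_MAP.get(name)
        if user is None:
            continue
        if user in realm_users:
            raise ValueError(f"service principal {user!r} collides with a realm user")
        return Principal(user, SERVICE_DOMAIN)
    return None
```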
--
This message was sent by Atlassian Jira (v7.12.1#712002)