[keycloak-dev] Multi tenancy support - a proposal to discuss

Juraci Paixão Kröhling juraci at kroehling.de
Tue Oct 21 09:43:07 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/21/2014 02:45 PM, Stan Silvert wrote:
> I don't know if this helps your use case, but you will soon be able
> to deploy more than one Keycloak Auth Server in the same WildFly
> instance. Each server will have a different web context and be
> completely independent.
> 
> So you would have something like: 
> http://localhost:8080/authserverone/admin/index.html 
> http://localhost:8080/authservertwo/admin/index.html
> 
> In standalone.xml, you will have: <subsystem
> xmlns="urn:jboss:domain:keycloak:1.0"> <auth-server
> name="authserverone"> <enabled>true</enabled> 
> <web-context>authserverone</web-context> </auth-server> 
> <auth-server name="authservertwo"> <enabled>true</enabled> 
> <web-context>authservertwo</web-context> </auth-server> 
> </subsystem>
> 
> You will also need to associate each one with a different
> datasource using keycloak-server.json.

That sounds like an interesting scenario, but won't help on this case,
as the users would register an account themselves. So, either we would
need to provision Keycloak servers on demand, or we would use one
realm per account, which is the approach I was thinking.

- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCgAGBQJURmLrAAoJEDnJtskdmzLMjKQIAI65gLH+J8o2bX6HpESeWey9
KTVv7y29Le/oTtzbCQy3TOdGD0YYm8f0jZLjG6d7hvYPi6Mfc9DF7NiVjpFtRh/m
5EaZe8EoXNZBoWPELKR3xKxIxEzWeujvRVyRl6BYRoPlmSZV1Gb73BINjckABW+D
ovZk/8WoFy3XMT2EmpLBcwZaWR70IPd7ELFcK/mmPz7emJQD1l7q8zAue8//Y0kr
U4Lxo1LXG5Fbm48JIs1dY2xIq3X8EAAxJt3g8llM4/uwc9kb6DxsmkU+g8wXMgTV
Vy6Klw0RKj6jjl3/Q4/gYVdmF6BgtSWqhlqaj+5ajeqWdH4MykcYPbUPek5e6iE=
=Z5ws
-----END PGP SIGNATURE-----


More information about the keycloak-dev mailing list