[keycloak-dev] Multi tenancy support - a proposal to discuss

Stan Silvert ssilvert at redhat.com
Wed Oct 22 07:51:09 EDT 2014


On 10/21/2014 5:26 PM, Bill Burke wrote:
> Would be cool if you added a unit test and documentation for this
> feature.  If you need some help with that, let me know.
I'll definitely be writing doco for this and the rest of the subsystem 
changes.  I will let you know if I need help with unit tests.
>
> On 10/21/2014 9:43 AM, Juraci Paixão Kröhling wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> On 10/21/2014 02:45 PM, Stan Silvert wrote:
>>> I don't know if this helps your use case, but you will soon be able
>>> to deploy more than one Keycloak Auth Server in the same WildFly
>>> instance. Each server will have a different web context and be
>>> completely independent.
>>>
>>> So you would have something like:
>>> http://localhost:8080/authserverone/admin/index.html
>>> http://localhost:8080/authservertwo/admin/index.html
>>>
>>> In standalone.xml, you will have: <subsystem
>>> xmlns="urn:jboss:domain:keycloak:1.0"> <auth-server
>>> name="authserverone"> <enabled>true</enabled>
>>> <web-context>authserverone</web-context> </auth-server>
>>> <auth-server name="authservertwo"> <enabled>true</enabled>
>>> <web-context>authservertwo</web-context> </auth-server>
>>> </subsystem>
>>>
>>> You will also need to associate each one with a different
>>> datasource using keycloak-server.json.
>> That sounds like an interesting scenario, but won't help on this case,
>> as the users would register an account themselves. So, either we would
>> need to provision Keycloak servers on demand, or we would use one
>> realm per account, which is the approach I was thinking.
>>
>> - - Juca.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iQEcBAEBCgAGBQJURmLrAAoJEDnJtskdmzLMjKQIAI65gLH+J8o2bX6HpESeWey9
>> KTVv7y29Le/oTtzbCQy3TOdGD0YYm8f0jZLjG6d7hvYPi6Mfc9DF7NiVjpFtRh/m
>> 5EaZe8EoXNZBoWPELKR3xKxIxEzWeujvRVyRl6BYRoPlmSZV1Gb73BINjckABW+D
>> ovZk/8WoFy3XMT2EmpLBcwZaWR70IPd7ELFcK/mmPz7emJQD1l7q8zAue8//Y0kr
>> U4Lxo1LXG5Fbm48JIs1dY2xIq3X8EAAxJt3g8llM4/uwc9kb6DxsmkU+g8wXMgTV
>> Vy6Klw0RKj6jjl3/Q4/gYVdmF6BgtSWqhlqaj+5ajeqWdH4MykcYPbUPek5e6iE=
>> =Z5ws
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>



More information about the keycloak-dev mailing list