[keycloak-dev] Multi tenancy support - a proposal to discuss

Bill Burke bburke at redhat.com
Wed Oct 22 08:35:14 EDT 2014


I was talking to Juraci. :)

On 10/22/2014 7:51 AM, Stan Silvert wrote:
> On 10/21/2014 5:26 PM, Bill Burke wrote:
>> Would be cool if you added a unit test and documentation for this
>> feature.  If you need some help with that, let me know.
> I'll definitely be writing doco for this and the rest of the subsystem
> changes.  I will let you know if I need help with unit tests.
>>
>> On 10/21/2014 9:43 AM, Juraci Paixão Kröhling wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>
>>> On 10/21/2014 02:45 PM, Stan Silvert wrote:
>>>> I don't know if this helps your use case, but you will soon be able
>>>> to deploy more than one Keycloak Auth Server in the same WildFly
>>>> instance. Each server will have a different web context and be
>>>> completely independent.
>>>>
>>>> So you would have something like:
>>>> http://localhost:8080/authserverone/admin/index.html
>>>> http://localhost:8080/authservertwo/admin/index.html
>>>>
>>>> In standalone.xml, you will have: <subsystem
>>>> xmlns="urn:jboss:domain:keycloak:1.0"> <auth-server
>>>> name="authserverone"> <enabled>true</enabled>
>>>> <web-context>authserverone</web-context> </auth-server>
>>>> <auth-server name="authservertwo"> <enabled>true</enabled>
>>>> <web-context>authservertwo</web-context> </auth-server>
>>>> </subsystem>
>>>>
>>>> You will also need to associate each one with a different
>>>> datasource using keycloak-server.json.
>>> That sounds like an interesting scenario, but won't help on this case,
>>> as the users would register an account themselves. So, either we would
>>> need to provision Keycloak servers on demand, or we would use one
>>> realm per account, which is the approach I was thinking.
>>>
>>> - - Juca.
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1
>>>
>>> iQEcBAEBCgAGBQJURmLrAAoJEDnJtskdmzLMjKQIAI65gLH+J8o2bX6HpESeWey9
>>> KTVv7y29Le/oTtzbCQy3TOdGD0YYm8f0jZLjG6d7hvYPi6Mfc9DF7NiVjpFtRh/m
>>> 5EaZe8EoXNZBoWPELKR3xKxIxEzWeujvRVyRl6BYRoPlmSZV1Gb73BINjckABW+D
>>> ovZk/8WoFy3XMT2EmpLBcwZaWR70IPd7ELFcK/mmPz7emJQD1l7q8zAue8//Y0kr
>>> U4Lxo1LXG5Fbm48JIs1dY2xIq3X8EAAxJt3g8llM4/uwc9kb6DxsmkU+g8wXMgTV
>>> Vy6Klw0RKj6jjl3/Q4/gYVdmF6BgtSWqhlqaj+5ajeqWdH4MykcYPbUPek5e6iE=
>>> =Z5ws
>>> -----END PGP SIGNATURE-----
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list