[keycloak-dev] Multi tenant review
Marek Posolda
mposolda at redhat.com
Fri Oct 31 08:32:48 EDT 2014
I've pushed the changes to master. It was also an opportunity to re-test
our new multitenancy feature! I fixed a few things, so now multitenancy
should work on EAP 6.3 too (it seems it was tested just on WildFly 8.1
until now).
Marek
On 31.10.2014 10:56, Marek Posolda wrote:
>>> I am not sure either, TBH :-)
>>> >>
>>> >>Right now we have realm name available on AccessToken in "iss", so atm
>>> >>the realm property on KeycloakSecurityContext is redundant. However it's
>>> >>unclear if we still have it as it's possible that it's not compatible
>>> >>with some 3rd party OIDC providers like Google, so in the future, we
>>> >>would need to change this to URL. Quite related to parallel thread "1.1
>>> >>adapters no longer backward compatible".
>>> >>
>>> >>My vote is to remove realm property from KeycloakSecurityContext for now
>>> >>and implement getRealm method like:
>>> >>
>>> >>     public String getRealm() {
>>> >>         return token.getIssuer();
>>> >>     }
>>> >>
>>> >>I think that if we need in the future issuer to contain URL, we will
>>> >>probably anyway add another "custom" property to AccessToken containing
>>> >>realm name.
>>> >>
>>> >>Thoughts?
>> >Sounds sensible to me
> Great, I am going to change it this way.
>
> Marek