[keycloak-dev] REST based identity management
Reza Rasouli
ramtinova at gmail.com
Wed Feb 11 16:03:11 EST 2015
Hi,
Regarding multi-tenancy in Keycloak, where each tenant maps to a realm, I
wanted to ask for help on clarifying some key concepts in Keycloak for aid
in implementing a simple REST based identity management POC.
Imagine there is a requirement for a multi-tenant environment where user
registration (=creation), user login, user logout and knowing whether a
user is still logged in or not must be done over some wrapper REST service
which exposes the mentioned functionality to the outside world.
With Keycloak being deployed in a private network, I have written some
wrapper REST service which does create users for a desired tenant (=realm),
and this wrapper service itself calls Keycloak's "*Direct Grant API*" from
an *OAuth* Client with *Super-User* Credentials both defined in the
"*master*" realm having sufficient privileges over all realms (as defined by
the documentation in "Chapter 17. Admin REST API").
Now I want to be able to wrap the logging-in and logging-out process of a
user into a tenant in the same way as user creation, which I don't know how
to work around this scenario exactly.
There are some different questions in my head, regarding the situation
explained in my head which I wanted to ask:
- To be able to log a user in/out, *through a wrapper REST service*, *which
has been passed the user credential to and wants to use Keycloak REST APIs*,
should I create an OAuth client per each realm and login/log out the user,
using the related OAuth client in each realm?
- Which REST API provides information on whether a specific user is
already logged in or not on a specific realm?
- How does the "Application" concept in Keycloak differ from "OAuth Client", and
does it make sense to log a user in to an application (over REST API)? If yes,
how is this different from logging a user into a realm with an OAuth Client?
Thanks a lot,
I really appreciate your help.