[keycloak-user] Multitenancy for WAR
Nils Preusker
n.preusker at gmail.com
Fri May 30 14:16:57 EDT 2014
Sorry, I just noticed that my example was wrong...
here is what I meant:
|- realm
| |-users
| | |-realm-level-user-1
| | |-...
| |-tenants
| | |-tenant-1
| | | |-users
| | | | |-tenant-level-user-1
| | | | |-...
However, nested realms would be an alternative I guess.
Cheers,
Nils
On Fri, May 30, 2014 at 8:12 PM, Nils Preusker <n.preusker at gmail.com> wrote:
> Hi Bill,
>
> I guess you are right, there isn't really a difference. It would just be
> important to be able to add realms at runtime. Are you suggesting to have
> nested realms (just replacing tenant with realm in my previous example)?
>
> Does that make more sense?
> Cheers,
> Nils
>
>
> On Fri, May 30, 2014 at 6:05 PM, Bill Burke <bburke at redhat.com> wrote:
>
>> I don't know what the difference between a tenant and a realm would be in your
>> example.
>>
>> On 5/30/2014 5:28 AM, Nils Preusker wrote:
>> > Hi Bill,
>> >
>> > what I was thinking of was tenants as nested element within a realm.
>> >
>> > We'd like to be able to add tenants at runtime. That's where I see a
>> > problem with multi-realm support, since realms are "hardcoded" in the
>> > keycloak.json. So if you add a realm in the admin-console, with
>> > multi-realm support you'd still have to modify the deployed WAR by
>> > adding the new realm to the keycloak.json file.
>> >
>> > I was thinking of a structure like this:
>> >
>> > |- realm
>> > | |-users
>> > | |-realm-level-user-1
>> > | |-...
>> > |-tenants
>> > | |-tenant-1
>> > | | |-users
>> > | | | |-tenant-level-user-1
>> > | | | |-...
>> >
>> > Let me know what you think!
>> > Cheers,
>> > Nils
>> >
>> > On Thu, May 29, 2014 at 11:04 PM, Bill Burke <bburke at redhat.com> wrote:
>> >
>> > Somebody else was asking for this feature. We may have to add it beta 2
>> > even though I wanted to have a feature freeze.
>> >
>> > How did you expect it to work? One guy wanted to discover realm per
>> > request via parsing the URL. Another guy just wanted multi-realm
>> > support for bearer-only services.
>> >
>> >
>> > On 5/29/2014 4:54 PM, Nils Preusker wrote:
>> > > Hi,
>> > >
>> > > first of all, congrats on the beta 1 release!
>> > >
>> > > Here's my question: I have a WAR with a REST API that I'm securing with
>> > > Keycloak. Now I'd like to add multitenancy support.
>> > >
>> > > If I understand the concept in keycloak correctly, I would somehow have
>> > > to have several realms in the keycloak.json and the web.xml of the war,
>> > > right? However there is just one realm-name attribute in the web.xml and
>> > > the structure of keycloak.json also looks like it is intended for one
>> > > realm. Am I missing something?
>> > >
>> > > Cheers,
>> > > Nils
>> > >
>> > > _______________________________________________
>> > > keycloak-user mailing list
>> > > keycloak-user at lists.jboss.org
>> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> > >
>> >
>> > --
>> > Bill Burke
>> > JBoss, a division of Red Hat
>> > http://bill.burkecentral.com
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>
>
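The per-request realm lookup discussed in this thread (realm taken from the URL, realms added at runtime without touching the deployed WAR), sketched as an added example; it is not code from the thread or from Keycloak. `RealmRegistry`, `authorize`, the `/<realm>/...` URL layout, the realm-name pattern and the issuer format are assumptions, and the token claims are assumed to come from a token whose signature has already been verified.

```python
import re
import threading

# Assumed naming rule: short lowercase names, so a path segment can never
# smuggle in "..", "/" or other characters into the lookup key.
_REALM_NAME = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")


class RealmRegistry:
    """Hypothetical in-memory registry of per-realm settings."""

    def __init__(self):
        self._lock = threading.Lock()
        self._realms = {}

    def add_realm(self, name, auth_server_url):
        """Register a realm at runtime, without redeploying the application."""
        if not _REALM_NAME.fullmatch(name):
            raise ValueError("invalid realm name")
        with self._lock:
            self._realms[name] = {
                "realm": name,
                # Assumption: issuer is <auth-server-url>/realms/<realm>.
                "issuer": f"{auth_server_url.rstrip('/')}/realms/{name}",
            }

    def resolve(self, path):
        """Map /<realm>/... to that realm's settings, or None if unknown."""
        segments = path.split("/")
        if len(segments) < 2 or segments[0] != "":
            return None
        name = segments[1]
        if not _REALM_NAME.fullmatch(name):
            return None
        with self._lock:
            return self._realms.get(name)


def authorize(registry, path, verified_claims):
    """Accept only tokens issued by the realm named in the URL."""
    config = registry.resolve(path)
    # Unknown realm, or a token from a different realm: reject.
    return config is not None and verified_claims.get("iss") == config["issuer"]


if __name__ == "__main__":
    reg = RealmRegistry()
    reg.add_realm("tenant-1", "https://sso.example.test/auth")  # constructed
    print(authorize(reg, "/tenant-1/api/orders",
                    {"iss": "https://sso.example.test/auth/realms/tenant-1"}))
```

The issuer comparison is what keeps a token issued for one realm from being accepted on another realm's URL.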