[keycloak-user] Multi-tenancy applications

Egor Kolesnikov egor.kolesnikov at fastlane-it.com
Wed Apr 8 22:58:12 EDT 2015


I've been using Keycloak for quite some time now on a couple of projects,
and it's absolutely awesome - it just does the right thing, straight out of
the box.

However, what I found quite confusing is the "Realm" definition which is
missing from the documentation.
I'm trying to add multi-tenancy support to our application and found it a
bit confusing. It seems that Keycloak's approach to multitenancy is "Realm
per tenant" - which makes sense, until it comes to the realisation that the
applications only exist within realms. This implies that if there are a few
hundred tenants (i.e. organisations using the application), the task of
changing application config (i.e. adding an application-level role or
adding/removing a redirect URL) becomes a maintenance nightmare.

Is it at all possible to define a "global", not realm-confined application
in Keycloak? Would it be hard to implement? Happy to put some effort into
it and send a pull request.

A bit more context:
- I have a webapp that serves multiple organisations.
- Each organisation has its own users and admins (who can create users and
other admins).
- There is a "Super" administrator who creates organisations and admins.
- Webapp can recognise the organisation based on Company ID or domain name.

Many thanks in advance.