[keycloak-user] WG: AW: AW: multi tenant configuration with 1.3.1?

Stian Thorgersen stian at redhat.com
Mon Aug 10 03:12:47 EDT 2015



----- Original Message -----
> From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)" <Martin.Hipfinger at oebb.at>
> To: keycloak-user at lists.jboss.org
> Sent: Monday, 3 August, 2015 2:31:16 PM
> Subject: [keycloak-user] WG: AW: AW: multi tenant configuration with 1.3.1?
> 
> 
> 
> 
> 
> 
> 
> In our current setup, each tenant is using several realms. Each tenant is
> using it’s own database. This setup fits exactly to our needs. However, we’d
> need 1.3.1 features, so I’m searching for the best fitting new setup.

For those scenarios we assume the use of separate Keycloak instances using for example OpenShift or Docker. 

It's very unlikely that we'd support configuring different databases for different realms or bringing in additional concepts of tenants than a realm.

> 
> 
> 
> @ multi-tenancy example: after following the steps mentioned in the example,
> I see the urls configured in the “tenant-realm”
> 
> 
> 
> 
> 
> The url of the client-id multi-tenant brings 404
> 
> The url of the client-id security-admin-console and account brings the login
> page, but the user user-tenant1 cannot login (we’re sorry – no access)

Did you follow the readme for the multi-tenancy example? It specifies the urls to visit for each "tenant".

> 
> 
> 
> 
> 
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Stian Thorgersen [ mailto:stian at redhat.com ]
> Gesendet: Mittwoch, 22. Juli 2015 13:46
> An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)
> Betreff: Re: AW: AW: [keycloak-user] multi tenant configuration with 1.3.1?
> 
> 
> 
> Yes, multi-tenancy is based on realms. Why would we need two levels of
> multi-tenancy?
> 
> 
> 
> I'd need more info about what your problem is to be able to help you out with
> the multi-tenancy example
> 
> 
> 
> ----- Original Message -----
> 
> > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"
> 
> > < Martin.Hipfinger at oebb.at >
> 
> > To: "Stian Thorgersen" < stian at redhat.com >
> 
> > Sent: Wednesday, 22 July, 2015 1:41:05 PM
> 
> > Subject: AW: AW: [keycloak-user] multi tenant configuration with 1.3.1?
> 
> > 
> 
> > But i don't understand the multi tenancy concept then - is it based
> 
> > just on realms? However, I couldn't get this example working either
> 
> > https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant
> 
> > 
> 
> > -----Ursprüngliche Nachricht-----
> 
> > Von: Stian Thorgersen [ mailto:stian at redhat.com ]
> 
> > Gesendet: Mittwoch, 22. Juli 2015 13:34
> 
> > An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)
> 
> > Betreff: Re: AW: [keycloak-user] multi tenant configuration with 1.3.1?
> 
> > 
> 
> > Ah, sorry thought you where talking about providers. We don't support
> 
> > overlays and really never have, it was an experimental feature. You
> 
> > should configure Keycloak through
> > standalone/configuration/keycloak-server.json.
> 
> > 
> 
> > ----- Original Message -----
> 
> > > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"
> 
> > > < Martin.Hipfinger at oebb.at >
> 
> > > To: "Stian Thorgersen" < stian at redhat.com >
> 
> > > Sent: Wednesday, 22 July, 2015 1:30:12 PM
> 
> > > Subject: AW: [keycloak-user] multi tenant configuration with 1.3.1?
> 
> > > 
> 
> > > Hi,
> 
> > > 
> 
> > > i've already done that for sure - but cannot see the necessary
> 
> > > steps; would you please be so kind and point me to the right direction?
> 
> > > 
> 
> > > br,
> 
> > > Martin
> 
> > > 
> 
> > > -----Ursprüngliche Nachricht-----
> 
> > > Von: Stian Thorgersen [ mailto:stian at redhat.com ]
> 
> > > Gesendet: Mittwoch, 22. Juli 2015 13:23
> 
> > > An: Hipfinger Martin (BCC.ÖBB.TicketShop.MA)
> 
> > > Cc: keycloak-user at lists.jboss.org
> 
> > > Betreff: Re: [keycloak-user] multi tenant configuration with 1.3.1?
> 
> > > 
> 
> > > Read the manual:
> 
> > > http://keycloak.github.io/docs/userguide/html/Migration_from_older_v
> 
> > > er
> 
> > > sions.html#d4e3319
> 
> > > 
> 
> > > ----- Original Message -----
> 
> > > > From: "Hipfinger Martin (BCC.ÖBB.TicketShop.MA)"
> 
> > > > < Martin.Hipfinger at oebb.at >
> 
> > > > To: keycloak-user at lists.jboss.org
> 
> > > > Sent: Wednesday, 22 July, 2015 1:07:54 PM
> 
> > > > Subject: [keycloak-user] multi tenant configuration with 1.3.1?
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > Hi,
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > we’re running keycloak 1.1 with several overlays – in detail:
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > - A new datasource per overlay
> 
> > > > 
> 
> > > > /opt/keycloak/bin/jboss-cli.sh --commands="connect, data-source
> 
> > > > add --name= xxx DS --connection-url=jdbc:oracle:thin:@
> 
> > > > xxxxx:1522:xxxxx --jndi-name=java:jboss/datasources/ xxx DS
> 
> > > > --driver-name=ojdbc --password= xxx --user-name= XXX "
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > - A new auth-server entry
> 
> > > > 
> 
> > > > /opt/keycloak/bin/jboss-cli.sh --commands="connect,
> 
> > > > /subsystem=keycloak/auth-server= xxx -server/:add(web-context= xxx
> 
> > > > , enabled=true)"
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > - An own keycloak-server.json
> 
> > > > 
> 
> > > > "connectionsJpa": {
> 
> > > > 
> 
> > > > "default": {
> 
> > > > 
> 
> > > > "dataSource": "java:jboss/datasources/ xxx DS",
> 
> > > > 
> 
> > > > "databaseSchema": "update"
> 
> > > > 
> 
> > > > }
> 
> > > > 
> 
> > > > }
> 
> > > > 
> 
> > > > "connectionsInfinispan": {
> 
> > > > 
> 
> > > > "default" : {
> 
> > > > 
> 
> > > > "cacheContainer" : "java:jboss/infinispan/ xxx Keycloak"
> 
> > > > 
> 
> > > > }
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > /opt/keycloak/bin/jboss-cli.sh --commands=”connect,
> 
> > > > /subsystem=keycloak/auth-server= xxx
> 
> > > > -server:update-server-config(bytes-to-upload=/opt/keycloak/standal
> 
> > > > on
> 
> > > > e/
> 
> > > > configuration/keycloak-server-
> 
> > > > xxx .json,overwrite=true)”
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > This configuration isn’t supported anymore with 1.3.1 - do you
> 
> > > > have any hint for me, how to achieve a similar config with 1.3.1?
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > br,
> 
> > > > 
> 
> > > > Martin
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > 
> 
> > > > _______________________________________________
> 
> > > > keycloak-user mailing list
> 
> > > > keycloak-user at lists.jboss.org
> 
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> > > 
> 
> > 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list