[keycloak-user] MultiTenancy / MultiRealms

Sascha Skorupa sascha.skorupa at traveltainment.de
Tue Oct 27 04:36:34 EDT 2015


currently we have implemented an own Resolver that loads the "keycloak.json" configuration by extracting the realm name from the issuer element of the token because the realm name is not explicitly mapped. But I think it is possible to implement a custom protocol mapper to map the realm explicitly to the token.

It is not finally clarified how to load the configuration dynamically from a wildfly subsystem. 

- sascha

-----Ursprüngliche Nachricht-----
Von: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] Im Auftrag von Juraci Paixão Kröhling
Gesendet: Montag, 26. Oktober 2015 18:18
An: keycloak-user at lists.jboss.org
Betreff: Re: [keycloak-user] MultiTenancy / MultiRealms

On 10/16/2015 02:00 PM, Sascha Skorupa wrote:
> we want to authenticate users from different realms in one 
> client/application. We looked at the multitenancy example but there 
> the realms are distinguished by the requested URL. In our case the 
> users send tokens to the application from different issuers. Is there 
> any recommendation how to handle this?

If you are able to determine the realm from the token, then you can just implement your own KeycloakConfigResolver.


- Juca.
keycloak-user mailing list
keycloak-user at lists.jboss.org

More information about the keycloak-user mailing list