[keycloak-user] Spring Boot with multiple Keycloak instances

Cedric Thiebault cedric.thiebault at sensefly.com
Mon Mar 5 10:25:21 EST 2018


Thanks Sebastien!


Multi-tenancy config implies that secured resources have different paths depending on which keycloak should be used.


But let's imagine I have a user-service (bearer-only) with secured resource /users/{user-id}.

This resource is used by:

- internal apps (user is authenticated by keycloak for employee)

- customer portal (user is authenticated by keycloak for customers)


I don't see how I can configure user-service to iterate over available Keycloak...


Should I duplicate the authentication filters in org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter#configure?

    .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
    .addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
    .addFilterBefore(keycloakAuthenticatedActionsFilter(), BasicAuthenticationFilter.class)
    .addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class)


I hope I'm clear enough :-/


Thanks for your help!


Cedric


________________________________
From: Sebastien Blanc <sblanc at redhat.com>
Sent: Friday, March 2, 2018 9:48:57 AM
To: Cedric Thiebault
Cc: keycloak-user
Subject: Re: [keycloak-user] Spring Boot with multiple Keycloak instances

Hi Cedric,

You mention "keycloak.json", so I assume you are using the Spring Security Adapter? If this is the case, we don't have an out-of-the-box solution, but you can solve it by implementing your own KeycloakConfigResolver; take a look here: http://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy. Then, in your Spring Boot app, declare a bean to point to the new config resolver, like:

    @Bean
    public KeycloakConfigResolver KeycloakConfigResolver() {
        return new MyCustomConfigResolver();
    }

If you are using Spring Boot adapter "standalone" with the config in the properties file, then we don't support multitenancy yet but we are working on a solution.

On Fri, Mar 2, 2018 at 9:25 AM, Cedric Thiebault <cedric.thiebault at sensefly.com> wrote:
Hello,

We are developing a REST API (Spring Boot micro-services) secured by Keycloak.

We would like to use 2 different Keycloak instances:
- one for employees linked to our Active Directory
- one for our customers
The idea is to isolate environments to reduce the impact on customer side when modifying internal services...

Securing a Spring Boot app with Keycloak Spring adapters is easy (thanks guys!). But I don't see in the documentation how to use 2 Keycloak instances, as we always refer to a single keycloak.json.

Is securing a Spring Boot app with 2 different Keycloak instances possible?

Thanks for your help!

Cedric
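
One way to handle the single-path case raised in this thread, as an added example (not code from either poster or from the Keycloak project): a KeycloakConfigResolver that selects the deployment from the bearer token's `iss` claim instead of the request path. The class name, issuer URLs and JSON file names are assumptions, and Jackson is assumed to be on the classpath.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical resolver: picks the Keycloak deployment from the token's "iss" claim.
public class IssuerBasedConfigResolver implements KeycloakConfigResolver {
    // Constructed issuer URLs and file names; replace with your own realms.
    private static final String DEFAULT_CONFIG = "/keycloak-customers.json";
    private static final Map<String, String> CONFIG_BY_ISSUER = new HashMap<>();
    static {
        CONFIG_BY_ISSUER.put("https://sso-internal.example.com/auth/realms/employees",
                "/keycloak-employees.json");
        CONFIG_BY_ISSUER.put("https://sso.example.com/auth/realms/customers", DEFAULT_CONFIG);
    }

    private final ObjectMapper mapper = new ObjectMapper();
    private final Map<String, KeycloakDeployment> cache = new ConcurrentHashMap<>();

    @Override
    public KeycloakDeployment resolve(HttpFacade.Request request) {
        // "iss" is read BEFORE signature verification, so it is only a lookup key
        // into the fixed allow-list above; never load config from a URL in the token.
        String config = CONFIG_BY_ISSUER.getOrDefault(peekIssuer(request), DEFAULT_CONFIG);
        return cache.computeIfAbsent(config, path ->
                KeycloakDeploymentBuilder.build(getClass().getResourceAsStream(path)));
    }

    // Returns the unverified issuer, or "" when there is no well-formed bearer JWT.
    private String peekIssuer(HttpFacade.Request request) {
        String header = request.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return "";
        }
        String[] parts = header.substring(7).trim().split("\\.");
        if (parts.length != 3) {
            return "";
        }
        try {
            byte[] payload = Base64.getUrlDecoder().decode(parts[1]);
            return mapper.readTree(payload).path("iss").asText("");
        } catch (Exception e) { // malformed Base64 or JSON
            return "";
        }
    }
}
```

A request with a missing, malformed or unlisted issuer falls through to the default deployment, and the adapter then validates the token against whichever deployment was selected, so a forged `iss` value only chooses which realm's keys the token is checked against.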
