[keycloak-user] Multitenant KeycloakConfigResolver

Dmitry Telegin dt at acutus.pro
Fri Nov 2 00:49:27 EDT 2018


Hello Vagelis,

Please see my answer to exactly the same question: http://lists.jboss.org/pipermail/keycloak-user/2018-October/016026.html

TL;DR: this is by design, but you shouldn't be worried. For unsecured URLs you can simply return new KeycloakDeployment() from your resolver.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Tue, 2018-10-30 at 09:19 +0200, Vagelis Savvas wrote:
> Hello,
> 
> in a multitenant app on Wildfly 14.0.1 with a bearer-only REST API to 
> protect I would like some URLs
> to not be secured. So I would like my custom KeycloakConfigResolver 
> implementation
> to not be called when those URLs are hit but it is. The reason I don't 
> want my KeycloakConfigResolver to be called is simply because
> I have no clue as to what to return in that case: its a non-secured REST 
> endpoint so a Keycloak realm doesn't make sense in my understanding.
> My setup follows the docs: I've installed the adapter for Wildfly and 
> the web.xml has the necessary setup for not securing some URLs (no 
> auth-constraint for those URLs)
> Also in jboss-web.xml the security-domain element isn't defined, 
> although I don't know if that plays any role.
> My final goal is to have some URLs secured by using the JBoss specific 
> @SecurityDomain and the standard @RolesAllowed etc annotations.
> Can you please shed some light on this matter? I'd greatly appreciate 
> any detailed explanation of the mechanisms involved in this area.
> 
> Cheers,
> Vagelis
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list