[keycloak-user] Multitenant KeycloakConfigResolver
Vagelis Savvas
vagelis.savvas at gmail.com
Fri Nov 2 05:09:37 EDT 2018
Hello Dmitry,
thanx for the reply.
Currently I do indeed just return a new KeycloakDeployment() as you suggest.
This approach may stop working though, take a look at [1].
That said, I don't know if this code will be eventually included in
Keycloak.
Cheers,
Vagelis
On 02/11/2018 06:49, Dmitry Telegin wrote:
> Hello Vagelis,
>
> Please see my answer to exactly the same question: http://lists.jboss.org/pipermail/keycloak-user/2018-October/016026.html
>
> TL;DR: this is by design, but you shouldn't be worried. For unsecured URLs you can simply return new KeycloakDeployment() from your resolver.
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> On Tue, 2018-10-30 at 09:19 +0200, Vagelis Savvas wrote:
>> Hello,
>>
>> in a multitenant app on Wildfly 14.0.1 with a bearer-only REST API to
>> protect I would like some URLs
>> to not be secured. So I would like my custom KeycloakConfigResolver
>> implementation
>> to not be called when those URLs are hit but it is. The reason I don't
>> want my KeycloakConfigResolver to be called is simply because
>> I have no clue as to what to return in that case: its a non-secured REST
>> endpoint so a Keycloak realm doesn't make sense in my understanding.
>> My setup follows the docs: I've installed the adapter for Wildfly and
>> the web.xml has the necessary setup for not securing some URLs (no
>> auth-constraint for those URLs)
>> Also in jboss-web.xml the security-domain element isn't defined,
>> although I don't know if that plays any role.
>> My final goal is to have some URLs secured by using the JBoss specific
>> @SecurityDomain and the standard @RolesAllowed etc annotations.
>> Can you please shed some light on this matter? I'd greatly appreciate
>> any detailed explanation of the mechanisms involved in this area.
>>
>> Cheers,
>> Vagelis
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list