[keycloak-user] Multi tenant on a given resource
Marek Posolda
mposolda at redhat.com
Tue Sep 25 03:32:38 EDT 2018
For servlet adapters, there is this:
https://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy
For javascript adapters, it is nothing out of the box. Based on your
requirements, you can probably "listen" on the request and then based on
the fragment path, you can create an appropriate instance of "Keycloak"
object which will point either to Keycloak1 or Keycloak2 server.
Marek
On 24/09/18 18:06, DES PLAS Leonore wrote:
> Hi there,
>
> We are wondering how to achieve "multi tenant" on a resource.
> We have a spring boot backend with an angular front end, and are using Spring Security and keycloak-angular adapters.
>
> We have one keycloak used to authenticate and authorize users to the application, that configuration is ok.
> But now, for a set of resources (angular paths and REST services), we need to authenticate to an other Keycloak server, which we don't know much of because it is somebody else's.
> How can we handle having 2 different Keycloak for a set a resources?
> How can we tell in Spring Boot and Angular which AccessToken is the right one ?
> Is it possible to check if AccessToken is valid on 2 different Keycloak and only for some paths ?
>
> At first, we thought about user federation... but we don't want to be able to log in to the application just with the 2nd Keycloak. We have to be logged in with the first Keycloak on all paths, and for some paths we want to also be logged in to the 2nd Keycloak.
>
> Thank you for your time,
>
> Léonore DES PLAS MATTEI
> Ingénieure Etudes et Développement - Aix en Provence SIG
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list