[keycloak-user] Keycloack Multi -Tenancy question

Matteo Restelli mrestelli at cuebiq.com
Tue Sep 24 09:15:43 EDT 2019 

For your interest.
We've evaluated internally the usage of many realms for customers and we've
encountered many issues, both on the frontend application (admin console
loading was really slow with 150-200 realms) and on the backend (in the
code there are places where it iterates between realms, loading a lot of
stuff). The cache helps, but i think that, for supporting multirealms,
there should be some refactoring / redesign of some components.
In addition, i think that some features like the sharing of a client
between realms (think of many tenants accessing the same single page
application, with the same client) need to be added. The segregation of
realms is a really cool feature, but could cause problems in a multi realm
scenario (maybe introducing, also, some hierarchical relationships between
realms could be useful).

Have a nice day,
Matteo

On Tue, Sep 24, 2019 at 2:45 PM Marek Posolda <mposolda at redhat.com> wrote:

> Hi,
>
> there is no change in this area. Big number of realms can be still an
> issue. We plan some refactoring of the storage layer in near future (1-2
> years as very rough estimate) and that should help to address the
> multitenancy use-case among other things.
>
> Marek
>
> On 23. 09. 19 9:14, Litom Segal wrote:
> > We are considering using Keycloack in a multi-tenant fashion.
> > Each of our customer's account has its own users, and applications
> > installed, and we also provide services API's consumed by various
> clients.
> > We will have a large number of tenants.
> > I found an open issue from 2017 that mentions that Keycloak may have some
> > scalability issues with a large number of realms.
> > https://issues.jboss.org/browse/KEYCLOAK-4593
> >
> > And also this thread  from 2016,
> > https://lists.jboss.org/pipermail/keycloak-user/2016-October/008033.html
> ,
> > that states that "Keycloak was not designed to support multi-tenancy
> > directly."..."In that regards we have never tested with high amounts of
> > realms as we expect there to be few realms (up to 10 most likely)."
> >
> > I was wonder if there was any progress on the multi-tenancy use case, and
> > are there any best practices on how to setup Keycloack to support it.
> >
> > On the other hand, is there any other approach to handle our use-case?
> > Thanks,
> > Litom
> >
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 

Like <https://www.facebook.com/cuebiq/> I Follow  
<https://twitter.com/Cuebiq>I Connect 
<https://www.linkedin.com/company/cuebiq>


This email is reserved 
exclusively for sending and receiving messages inherent working activities, 
and is not intended nor authorized for personal use. Therefore, any 
outgoing messages or incoming response messages will be treated as company 
messages and will be subject to the corporate IT policy and may possibly to 
be read by persons other than by the subscriber of the box. Confidential 
information may be contained in this message. If you are not the address 
indicated in this message, please do not copy or deliver this message to 
anyone. In such case, you should notify the sender immediately and delete 
the original message.

More information about the keycloak-user mailing list