Setting up a multi Tenancy application

冷眼眸甩不掉的悲伤, submitted on 2021-02-11 16:34:08

Question


I am currently working on a distributed (multi-site) application capable of operating offline.

I would like to be able to configure each instance of Keycloak remotely and individually from a Keycloak administration instance. In addition, each instance has its own users, policies and permissions.

How can I achieve this?


Answer 1:


If you are new to Keycloak, I would suggest starting by reading its documentation; it will make your life easier when it comes to making decisions.

In addition, each instance has its own users, policies and permissions.

From the Keycloak Documentation section Core Concepts and Terms one can read the following:

realms : A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.

Which seems suitable to cover that requirement.

I would like to be able to configure each instance of Keycloak remotely and individually from a Keycloak administration instance.

That is not possible; you can, however, have multiple Keycloak instances doing Identity Brokering against the same Keycloak instance. From the documentation about Identity Brokering one can read:

An Identity Broker is an intermediary service that connects multiple service providers with different identity providers. As an intermediary service, the identity broker is responsible for creating a trust relationship with an external identity provider in order to use its identities to access internal services exposed by service providers.

From a user perspective, an identity broker provides a user-centric and centralized way to manage identities across different security domains or realms. An existing account can be linked with one or more identities from different identity providers or even created based on the identity information obtained from them.

With this approach, a user would be redirected to the leading page of the main Keycloak instance, and could then choose to log in to a specific Keycloak instance.




Answer 2:


You probably don't need different instances to do what you described. It seems more appropriate to use different realms. Realms have independent users, roles, groups, password policies and more.




Answer 3:


Keycloak can already handle multi-tenancy; you don't need to set up a Keycloak instance for each organization. Just define a specific realm for each organization.
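
The realm-per-organization layout recommended in answers 2 and 3, as an added example that is not part of the original thread or of Keycloak's own code: it builds one RealmRepresentation per tenant and prepares, without sending, the Admin REST API request that would create it. The base URL, tenant names, role names, password policy values and the realm-name rule are assumptions made for the illustration.

```python
import json
import re
import urllib.request

# Assumption: placeholder base URL (older Keycloak releases add an /auth prefix).
KEYCLOAK_BASE = "https://keycloak.example.invalid"
# Conservative naming rule chosen for this example, not a Keycloak constraint.
REALM_NAME = re.compile(r"[a-z][a-z0-9-]{1,35}")
# Constructed tenants: "alice" exists independently in both realms.
TENANTS = {
    "site-a": [("alice", "tenant-admin"), ("bob", "tenant-user")],
    "site-b": [("alice", "tenant-user")],
}

def realm_representation(tenant, users):
    """Build the RealmRepresentation JSON for one organization."""
    # Reject path-like or odd names, and never overwrite the admin realm.
    if not REALM_NAME.fullmatch(tenant) or tenant == "master":
        raise ValueError(f"refusing realm name {tenant!r}")
    return {
        "realm": tenant,
        "enabled": True,
        "bruteForceProtected": True,
        "passwordPolicy": "length(12) and digits(1) and upperCase(1)",
        "roles": {"realm": [{"name": "tenant-admin"}, {"name": "tenant-user"}]},
        "users": [{"username": name, "enabled": True, "realmRoles": [role]}
                  for name, role in users],
    }

def create_realm_request(rep, admin_token):
    """Prepare, without sending, the Admin REST API call that creates the realm."""
    return urllib.request.Request(
        f"{KEYCLOAK_BASE}/admin/realms",
        data=json.dumps(rep).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {admin_token}",
                 "Content-Type": "application/json"},
    )

def issuer_for(tenant):
    """Issuer URL each tenant's applications should pin when validating tokens."""
    return f"{KEYCLOAK_BASE}/realms/{tenant}"

def build_all(admin_token="ADMIN_TOKEN_PLACEHOLDER"):
    return {tenant: create_realm_request(realm_representation(tenant, users), admin_token)
            for tenant, users in TENANTS.items()}

if __name__ == "__main__":
    for tenant, req in build_all().items():
        print(req.get_method(), req.full_url, "->", issuer_for(tenant))
```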



Source: https://stackoverflow.com/questions/65489960/setting-up-a-multi-tenancy-application
