Can multi-tenancy in Keycloak be done within a single realm?

First, I'm well aware of the multi-realm approach to multi-tenancy in Keycloak. I've taken over a legacy project where nobody thought of multi-tenancy. Now, two years later, suddenly, the customer needs this feature. Actually, the microservices are prepared for this scenario out-of-the-box.

The customer develops a mobile app that authenticates users via API on our Keycloak instance with an account number (as username) and a password. Now, he'd like to add a tenant id to the login information.

The customer wants to avoid using several endpoints as a multi-realm solution would demand.

One first idea was to just concatenate tenant-id and account-id on registration. But that's a smelly approach.

So, my thought was that there may be a way to configure Keycloak in a way that I add a custom tenantid field together with username that acts just like a composite primary key in the database world.

Is such a configuration possible? Is there another way to achieve multi-tenancy behaviour using a single realm?

dajood asked Jun 20 '19 10:06
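The two designs weighed in the question, the concatenated username and the composite key of tenant id plus username, can be modelled directly. The following is an added example, not code from the question, the answer or Keycloak itself. It assumes that the tenant lives in a user attribute and is copied into the access token as a custom claim named `tenant_id` (an assumed mapper configuration; the claim name is a placeholder), that the username arrives in Keycloak's standard `preferred_username` claim, and that the token payloads are constructed sample dicts rather than real Keycloak output. It goes slightly beyond the question by showing why the concatenation idea is ambiguous and by adding the check each microservice must run on the token so that one tenant can never read another tenant's data.

```python
"""Single-realm multi-tenancy: concatenated usernames vs. a composite key,
plus the per-request tenant check a resource server must perform.

Added example; assumptions are marked in the comments below.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

DELIM = "-"


# --- Approach 1: concatenate tenant id and account number ------------------
def concat_username(tenant_id: str, account: str) -> str:
    """The 'smelly' approach from the question: one flat username string."""
    return f"{tenant_id}{DELIM}{account}"


def split_username(username: str) -> Tuple[str, str]:
    """Splits on the first delimiter. Ambiguous as soon as either part may
    itself contain the delimiter."""
    tenant, _, account = username.partition(DELIM)
    return tenant, account


def concat_is_ambiguous(pairs: Iterable[Tuple[str, str]]) -> bool:
    """True if two distinct (tenant, account) pairs collapse to the same
    concatenated username, i.e. two different identities collide."""
    seen: Dict[str, Tuple[str, str]] = {}
    for tenant, account in pairs:
        key = concat_username(tenant, account)
        if key in seen and seen[key] != (tenant, account):
            return True
        seen[key] = (tenant, account)
    return False


# --- Approach 2: (tenant_id, username) as a composite key -------------------
@dataclass(frozen=True)
class User:
    tenant_id: str
    username: str
    password_hash: str  # placeholder field; a real store holds a proper hash


class TenantUserStore:
    """Directory keyed on (tenant_id, username), mirroring a composite
    primary key: the same account number may exist under several tenants."""

    def __init__(self) -> None:
        self._users: Dict[Tuple[str, str], User] = {}

    def register(self, user: User) -> None:
        key = (user.tenant_id, user.username)
        if key in self._users:
            raise ValueError(f"duplicate user {key}")
        self._users[key] = user

    def lookup(self, tenant_id: str, username: str) -> Optional[User]:
        # Username alone is never enough; both halves of the key are required.
        return self._users.get((tenant_id, username))


# --- Resource-server side: bind every request to the token's tenant --------
def tenant_matches(claims: dict, requested_tenant: str) -> bool:
    """Allow the call only if the token's tenant claim equals the tenant whose
    data the request targets. A missing claim is a deny, never a default.

    Assumption: the tenant attribute is mapped into the token under the
    (placeholder) claim name 'tenant_id'."""
    tenant = claims.get("tenant_id")
    return tenant is not None and tenant == requested_tenant


if __name__ == "__main__":
    # Constructed sample data, not real accounts.
    print(concat_is_ambiguous([("acme-1", "23"), ("acme", "1-23")]))  # True
    store = TenantUserStore()
    store.register(User("acme", "1000", "<hash>"))
    store.register(User("globex", "1000", "<hash>"))  # same account, other tenant
    print(store.lookup("acme", "1000"))
    sample_token = {"preferred_username": "1000", "tenant_id": "acme"}
    print(tenant_matches(sample_token, "acme"), tenant_matches(sample_token, "globex"))
```

The important design point is the last function: even with a clean composite key in the identity store, isolation only holds if every service compares the tenant claim in the token against the tenant of the resource being accessed, rather than trusting a tenant id supplied in the request body or path.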




1 Answer

I can't say for sure, but after some research, I found this:

Data Organization

This website lists all of this together with more information:

https://lists.jboss.org/pipermail/keycloak-user/2017-June/010854.html

Check it out, it may help with your data organization in Keycloak.

Gaurav Mall answered Sep 17 '22 22:09