54 lines
No EOL
2 KiB
Text
54 lines
No EOL
2 KiB
Text
|
|
==== Multi Tenancy
|
|
|
|
Multi Tenancy, in our context, means that a single target application (WAR) can be secured with multiple {project_name} realms. The realms can be located
|
|
one the same {project_name} instance or on different instances.
|
|
|
|
In practice, this means that the application needs to have multiple `keycloak.json` adapter configuration files.
|
|
|
|
You could have multiple instances of your WAR with different adapter configuration files deployed to different context-paths. However, this may be inconvenient
|
|
and you may also want to select the realm based on something else than context-path.
|
|
|
|
{project_name} makes it possible to have a custom config resolver so you can choose what adapter config is used for each request.
|
|
|
|
To achieve this first you need to create an implementation of `org.keycloak.adapters.KeycloakConfigResolver`. For example:
|
|
|
|
[source,java]
|
|
----
|
|
package example;
|
|
|
|
import org.keycloak.adapters.KeycloakConfigResolver;
|
|
import org.keycloak.adapters.KeycloakDeployment;
|
|
import org.keycloak.adapters.KeycloakDeploymentBuilder;
|
|
|
|
public class PathBasedKeycloakConfigResolver implements KeycloakConfigResolver {
|
|
|
|
@Override
|
|
public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
|
|
if (path.startsWith("alternative")) {
|
|
KeycloakDeployment deployment = cache.get(realm);
|
|
if (null == deployment) {
|
|
InputStream is = getClass().getResourceAsStream("/tenant1-keycloak.json");
|
|
return KeycloakDeploymentBuilder.build(is);
|
|
}
|
|
} else {
|
|
InputStream is = getClass().getResourceAsStream("/default-keycloak.json");
|
|
return KeycloakDeploymentBuilder.build(is);
|
|
}
|
|
}
|
|
|
|
}
|
|
----
|
|
|
|
You also need to configure which `KeycloakConfigResolver` implementation to use with the `keycloak.config.resolver` context-param in your `web.xml`:
|
|
|
|
[source,xml]
|
|
----
|
|
<web-app>
|
|
...
|
|
<context-param>
|
|
<param-name>keycloak.config.resolver</param-name>
|
|
<param-value>example.PathBasedKeycloakConfigResolver</param-value>
|
|
</context-param>
|
|
</web-app>
|
|
---- |