是否可以在一个领域内完成Keycloak中的多租户? [英] Can multi-tenancy in Keycloak be done within a single realm?
问题描述
首先,我很了解Keycloak中的多领域多租户方法.我已经接管了一个遗留项目,没有人想到多租户.现在,两年后,突然,客户需要此功能.实际上,微服务是为这种情况开箱即用的.
First, I'm well aware of the multi-realm approach to multi-tenancy in Keycloak. I've taken over a legacy project where nobody thought of multi-tenancy. Now, two years later, suddenly, the customer needs this feature. Actually, the microservices are prepared for this scenario out-of-the-box.
客户开发了一个移动应用程序,该应用程序通过我们的keycloak实例上的API使用帐号(作为用户名)和密码对用户进行身份验证.现在,他想在登录信息中添加一个租户ID.
The customer develops a mobile app that authenticates users via API on our keycloak instance with an account number (as username) and a password. Now, he'd like to add an tenant id to the login information.
客户希望避免使用多个端点,这是多领域解决方案所需要的.
The customer wants to avoid using several endpoints as a multi-realm solution would demand.
第一个想法是在注册时将租户ID和帐户ID串联在一起.但这是一种臭气冲冲的方法.
One first idea was to just concatenate tenant-id and account-id on registration. But that's a smelly approach.
因此,我的想法是,可能存在一种配置Keycloak的方法,即我将自定义tenantid字段与username一起添加,该字段的作用类似于数据库世界中的复合主键.
So, my thought was that there may be a way to configure Keycloak in a way that I add a custom tenantid field together with username that acts just like a composite primary key in the database world.
这样的配置可行吗?是否有另一种方法可以使用单个领域来实现多租户行为?
Is such a configuration possible? Is there another way to achieve multi-tenancy behaviour using a single realm?
推荐答案
我不能肯定地说,但是经过一番研究,我发现了这一点:
I can't say for sure, but after some research, I found this:
此网站列出了所有这些信息以及更多信息:
This website lists all of this together with more information:
https://lists.jboss.org/pipermail /keycloak-user/2017-June/010854.html
检查一下,这可能会帮助您轻松地进行数据组织.
Check it out, it may help with your data organization in key-cloak.
这篇关于是否可以在一个领域内完成Keycloak中的多租户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
