设置多租户应用程序 [英] Setting up a multi Tenancy application

问题描述

我目前正在开发能够脱机运行的分布式(多站点)应用程序.

I am currently working on a distributed (multi-site) application capable of operating offline.

我希望能够从Keycloak管理实例远程地和单独地配置Keycloak的每个实例.此外，每个实例都有自己的用户，策略和权限.

I would like to be able to configure each instance of Keycloak remotely and individually from a Keycloak administration instance. In addition, each instance has its own users, policies and permissions.

我该如何实现?

推荐答案

如果您不熟悉Keycloak，我建议您先阅读其文档，这将使您的决策变得更加轻松.

If you are new to Keycloak I would suggest starting by reading its documentation it will make your life easier when it comes to make decision.

此外，每个实例都有自己的用户，策略和 权限.

In addition, each instance has its own users, policies and permissions.

在 Keycloak文档部分Core Concepts and Terms一个人可以阅读以下内容:

From the Keycloak Documentation section Core Concepts and Terms one can read the following:

领域 :领域管理一组用户，凭据，角色和组.用户属于并登录到领域.领域彼此隔离，只能管理和验证他们控制的用户.

realms : A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.

适合满足该要求的接缝.

Which seams suitable to cover that requirement.

我希望能够配置Keycloak的每个实例 可以从Keycloak管理实例远程独立地进行访问.

I would like to be able to configure each instance of Keycloak remotely and individually from a Keycloak administration instance.

这是不可能的，但是，您可以让多个Keycloak实例执行身份代理针对同一Keycloak实例.从有关身份代理的文档中，您可以阅读:

That is not possible, you can however, have multiple Keycloak instances doing Identity Brokering against the same Keycloak instance. From the documentation about Identity Brokering one can read:

Identity Broker是一种中介服务，可连接多个 具有不同身份提供商的服务提供商. 中介服务，身份经纪人负责创建 与外部身份提供商的信任关系，以便 使用其身份访问服务公开的内部服务 提供者.

An Identity Broker is an intermediary service that connects multiple service providers with different identity providers. As an intermediary service, the identity broker is responsible for creating a trust relationship with an external identity provider in order to use its identities to access internal services exposed by service providers.

从用户的角度来看，身份经纪人以用户为中心 集中式方式来管理跨不同安全性的身份 域或领域.现有帐户可以与一个或多个链接 来自不同身份提供者的身份，甚至基于 从他们那里获得的身份信息.

From a user perspective, an identity broker provides a user-centric and centralized way to manage identities across different security domains or realms. An existing account can be linked with one or more identities from different identity providers or even created based on the identity information obtained from them.

通过这种方法，用户将被重定向到主Keycloak实例的首页，然后可以选择登录到特定的Keycloak实例.

With this approach a user would be redirected to the leading page of the main Keycloak instance, and then could chose to login to a specific Keycloak instance.

这篇关于设置多租户应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！