Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add multi-tenancy support to keycloak-authorization #16973

Closed
joggeli34 opened this issue May 4, 2021 · 3 comments · Fixed by #17050
Closed

add multi-tenancy support to keycloak-authorization #16973

joggeli34 opened this issue May 4, 2021 · 3 comments · Fixed by #17050
Labels
area/keycloak-authorization area/oidc kind/enhancement New feature or request
Milestone
2.0.0.Alpha3

Comments

@joggeli34
Copy link
Contributor

Description

Add multi-tenancy support to keycloak-authorization so that it can be used together with the oidc-multi-tenancy.

Implementation ideas

Configuration could be similar to the oidc-configuration:

# for default tenant
quarkus.keycloak.policy-enforcer.enable=true

# for specific tenant
quarkus.keycloak."tenant".policy-enforcer.enable=true
@joggeli34 joggeli34 added the kind/enhancement New feature or request label May 4, 2021
@quarkus-bot
Copy link

quarkus-bot bot commented May 4, 2021

/cc @pedroigor

@pedroigor
Copy link
Contributor

pedroigor commented May 4, 2021
edited

If we could leverage the existing support from OIDC that would be awesome. But I think it would require some refactoring on keycloak-authorization config. Do you agree, @sberyozkin ?

I can only see a 1:1 mapping between OIDC and keycloak-authorization tenants.

@sberyozkin
Copy link
Member

@pedroigor Hi Pedro, yeah, definitely, we can do it for the static tenants easily - by the time Keycloak Policy enforcer is called RoutingContext will already have a resolved tenant-id attribute. I reckon it would be reasonable to restrict it to the static tenants for now....

@sberyozkin sberyozkin mentioned this issue May 6, 2021
Merged
@quarkus-bot quarkus-bot bot added this to the 2.0 - main milestone May 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/keycloak-authorization area/oidc kind/enhancement New feature or request
Projects
None yet
Milestone
2.0.0.Alpha3
Development

Successfully merging a pull request may close this issue.

Support Multi-Tenancy in Keycloak Authorization sberyozkin/quarkus
3 participants
@sberyozkin @pedroigor @joggeli34