Keycloak: multi-tenant architecture with multi-step authentication process


Mekki Amiri

Sep 13, 2022, 8:33:03 AM
to Keycloak User
Hello,

I would like to implement this authentication scenario:
   - user goes to first screen that expects the organisation name
   - then a new screen to authenticate in a target tenant
We have a realm per organisation.
I see in the discussion group a similar discussion: https://lists.jboss.org/pipermail/keycloak-user/2018-July/014874.html
The suggested solution is:
  - implement a custom authenticator that will be used by the master realm
  - extract the organisation name (the realm) then redirect to the target realm
I did not understand if the redirection is inside the custom authenticator or I need to add an external server.
Could you please give additional information and, if possible, code samples?

Thanks in advance,
Best regards,
Mekki

Tony Harris

Sep 13, 2022, 9:42:55 AM
to Mekki Amiri, Keycloak User
We went with the 2nd option. We have a separate application that accepts some user input and forwards the browser to the correct realm login page. We could have had the application do lookups directly into Keycloak to identify the realm using KC API calls. Instead we built a whole solution around provisioning tenancies in our application that created realms/clients/scopes and event listeners in KC via the APIs. It populates appropriate meta-data into our external application's database and we look it up from there.

We also use some custom event listeners in KC to keep things in sync. 


Mekki Amiri

Sep 13, 2022, 9:54:53 AM
to Keycloak User
Thanks for the reply.
Is your suggestion compliant with SSO?
Do you have some samples to help?

Thanks

Mekki Amiri

Sep 13, 2022, 2:57:13 PM
to Keycloak User
Hi,
If someone knows how to tackle this problem with a single authentication screen or multiple screens, please suggest.

Thanks
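
The external-application approach from Tony Harris's reply, sketched as an added example that is not code from the thread or from any participant's deployment: the first screen's organisation name is resolved against the application's own tenant registry and the browser is sent to that realm's OpenID Connect login endpoint. The base URL, registry contents, client IDs and redirect URIs are constructed assumptions; the realm and `redirect_uri` always come from the registry, never from user input.

```python
import re
import secrets
from urllib.parse import quote, urlencode

# Assumed values, constructed for illustration. In the thread's setup the
# registry is the external application's database, filled at provisioning time.
KEYCLOAK_BASE = "https://sso.example.com"  # older distributions add an /auth prefix
TENANTS = {
    "acme": {"realm": "acme", "client_id": "portal",
             "redirect_uri": "https://portal.example.com/acme/callback"},
    "globex": {"realm": "globex-prod", "client_id": "portal",
               "redirect_uri": "https://portal.example.com/globex/callback"},
}

# Strict shape for the typed organisation name: no slashes, dots or spaces.
ORG_PATTERN = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")


def resolve_tenant(org_input, tenants=TENANTS):
    """Map the user-typed organisation name to a registry entry, or None."""
    if not isinstance(org_input, str):
        return None
    org = org_input.strip().lower()
    if not ORG_PATTERN.fullmatch(org):
        return None
    return tenants.get(org)


def build_login_redirect(org_input, state=None, tenants=TENANTS, base=KEYCLOAK_BASE):
    """Return (url, state) for the tenant realm's login page, or None.

    None covers both malformed and unknown names, so the caller can answer
    both with the same generic message.
    """
    tenant = resolve_tenant(org_input, tenants)
    if tenant is None:
        return None
    state = state or secrets.token_urlsafe(24)  # bind to the browser session
    query = urlencode({
        "client_id": tenant["client_id"],
        "redirect_uri": tenant["redirect_uri"],
        "response_type": "code",
        "scope": "openid",
        "state": state,
    })
    realm = quote(tenant["realm"], safe="")
    return f"{base}/realms/{realm}/protocol/openid-connect/auth?{query}", state
```

The application stores the returned `state` in the user's session and checks it when the authorization code comes back on the callback.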
