
use case

explanation

in icCube

  • one server instance
  • icCube users only need to access the reporting
  • icCube is used for a standard reporting solution for an industry vertical and can be used by multiple clients, each having their own (copy of the) structures that work with their own data
  • a client can grant one or more users access to their own dashboards in icCube

authorization requirement

  • it should be possible to link authorization to the client's identity management system (such as AD)
  • for others, it should be possible to assign a local admin at the client that can give access to their own environment to whom they wish
  • for the rest, it should be possible for a centralized admin to maintain access

a perfect job for ... keycloak

  • keycloak needs, for each of the requirements, a separate realm with a client (see picture)

The icCube documentation only makes mention of one Realm & client.

the question

Is it possible to use multiple keycloak realms & clients with one instance of icCube?

See also icCube documentation on keycloak integration

Arthur

1 Answer


Right now this is not possible.

The keycloak.json file is used to connect to a Keycloak server that is going to authenticate the HTTP request. So you would somehow need a way to determine which keycloak.json file to use based on the HTTP request before using it, meaning having different URLs and/or URLs with a specific parameter.

Possibly the multi-tenant support could be extended to be able to configure an authentication logic per tenant with the same constraint about the URL value.

Hope that helps.

Marc Polizzi
  • Thanks for your answer. Good to know that it could be made possible. For now, it is not (yet) required, but I will come back to you if I need it for a client. – Arthur Sep 20 '19 at 08:14
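
An added illustration of the constraint described in the answer above (not icCube or Keycloak code, and not written by either poster): one keycloak.json document is selected per request from the URL, and a token is accepted only if its issuer is the realm that URL maps to. The tenant names, host names and the `tenant` query parameter are constructed for the example, and the token claims are assumed to have had their signature verified already.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample: one keycloak.json document per tenant (hypothetical names and URLs).
TENANT_CONFIGS = {
    "acme": json.loads('{"realm": "acme-ad", "resource": "iccube",'
                       ' "auth-server-url": "https://sso.example.test/auth"}'),
    "globex": json.loads('{"realm": "globex-local", "resource": "iccube",'
                         ' "auth-server-url": "https://sso.example.test/auth"}'),
}


class UnknownTenant(Exception):
    """Raised when the request URL does not identify exactly one known tenant."""


def tenant_from_url(url):
    """Take the tenant from the first path segment or from a single ?tenant= parameter."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    from_path = segments[0] if segments and segments[0] in TENANT_CONFIGS else None
    from_query = parse_qs(parts.query).get("tenant", [])
    if len(from_query) > 1:
        raise UnknownTenant("repeated tenant parameter")
    candidates = {c for c in [from_path, *from_query] if c is not None}
    if len(candidates) != 1:  # nothing to go on, or path and parameter disagree
        raise UnknownTenant("missing or conflicting tenant")
    return candidates.pop()


def resolve_config(url):
    """Return the adapter config for this request, failing closed on unknown tenants."""
    tenant = tenant_from_url(url)
    # Allowlist lookup only: the URL value is never used to build a file path.
    config = TENANT_CONFIGS.get(tenant)
    if config is None:
        raise UnknownTenant(tenant)
    return config


def expected_issuer(config):
    """Keycloak issues tokens with iss = <auth-server-url>/realms/<realm>."""
    return f"{config['auth-server-url'].rstrip('/')}/realms/{config['realm']}"


def issuer_matches(url, token_claims):
    """True only if the (already verified) token came from the realm this URL maps to."""
    return token_claims.get("iss") == expected_issuer(resolve_config(url))
```

The issuer comparison is what keeps a token obtained in one client's realm from being accepted on another client's URL once several realms sit behind the same server.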