I am trying to use Keycloak for a multi-tenant application. Apparently, using a realm per tenant is not a good idea, as per this post.

So, what I was trying to do is to use something else to save the tenant ID to the registered users.

For users registering using Keycloak, I plan to implement a custom registration page that takes the tenant ID from the URL parameters and passes it to the property profile.website.

The problem here is when using IDPs like Google. I know that in OAuth2 it is possible to pass a state query parameter, which will be returned back when the authentication is successful; apparently Keycloak uses this to save the session.

The question here is: is there a standard way to make Keycloak save the tenant ID to the user data while being an IDP broker?

ahmed galal
  • We are using Keycloak with Quarkus in a multitenant environment without issues. Are you going to require more than 100 different tenants? What we did was to group clients by environment; this way they can share a tenant within Keycloak for environments with a lot of users, and our application internally knows the mapping between each user and its specific data, so in the routing we know to what tenant to redirect the user. – Javier Toja Jun 17 '21 at 14:35
  • So, you used tenant per client, and scaled horizontally? – ahmed galal Jun 18 '21 at 16:01
  • We group clients and each group has a Keycloak instance itself, so each group is always in a Keycloak with enough room and good performance to handle the load. Due to the multitenancy approach, we also have a schema and a realm per client, so we can easily add and remove more clients and handle which Keycloak instance they go to through configuration. The key point is not to scale horizontally with realms rather than with instances. You have to see in what dimension your Keycloak instance is going to grow more: in realms or in users inside the realm. – Javier Toja Jun 21 '21 at 07:53

0 Answers