1

In the latest micro integrator versions, the multitenancy was removed, and instead, the micro services architecture is used. Every micro integrator is now a separate tenant and each micro integrator will have a unique port number. If we want to use the identity server 6.1.0, that still work using multitenancy, how can we link every IS domain with an MI instance?

For example, in the previous versions where EI supported multitenancy, we used to link the IS domain (tenant) to an EI domain (tenant) and append /t/[domainName] when calling certain tenant. How can we achieve this in the latest MI version?

user666
  • 1,750
  • 3
  • 18
  • 34
  • Can you elaborate on what you mean by linking MI and IS? – ycr Jul 03 '23 at 13:15
  • when the user authenticate, based on its domain, the calls should be redirected to the corresponding EI tenant /t/domain/api. Do we have similar concept with the micro integrator? – user666 Jul 03 '23 at 13:28

1 Answers1

0

Micro Integrator doesn't have product-level multi-tenancy support anymore. It uses Micro Services Architecture where each deployment can be considered as a separate tenant. This makes IS just an external service for MI, so if you want MI deployment A to connect with some service B in IS, you will have to handle that in MI itself. If Authentication is done against an AD, each MI deployment can be pointing to a different AD group etc.

Another way to look at the architecture.

enter image description here

ycr
  • 12,828
  • 2
  • 25
  • 45
  • 1
    so in other words, every MI would be for one tenant on IS ? example: if employees of branch A are under IS tenant A store, then the apis pointing to the A db should be deployed on MI A on a port 1, and employees of branch B should be under IS tenant B and their MI apis would be on a port 2 ? – user666 Jul 03 '23 at 13:39
  • Yes, that's correct. It all comes down to the architecture. So there is no one right way to do it. Also I'm not sure how you have integrated MI and IS, but if you don't want to handle this in the MI integration layer, you can write a custom authentication handler where based on the domain(or any other differentiating factor) it selects the correct endpoint. Something like this https://github.com/yasassri/wso2mi-authorization-handler – ycr Jul 03 '23 at 13:43