So I have a microservice application where one of the services, called auth_manager, is used to authenticate and register new users. I use auth_manager to get a token for the user from Keycloak, and the other services use that token to secure requests. In auth_manager I implemented multi-tenancy with multiple realms on Keycloak and secured some of the APIs. My issue is that adding the implementation for multi-tenancy in Spring Security for each service is costly, so I decided to expose my own JWKS endpoint that returns the required JWKS from Keycloak and passes it to the other resource services. My initial idea is to expose an endpoint in the auth_manager service and use that endpoint to configure the JWKS URL in Spring Security for the other services. But as I mentioned, I have a multi-tenancy app, so the URL could change for different realms, and I am stuck on how to achieve this. Any help would be very much appreciated.

kikicoder

1 Answer

my issue is adding the implementation for multi tenancy in spring security for each service is costly

It would not if you were using my starter: configuring a client or a resource server with "static" multi-tenancy is achieved with 0 Java conf (just application properties).

In the case where you want to achieve "dynamic" multi-tenancy, you'd still benefit from "my" starter by having just the authentication manager bean to expose (which could be easily achieved with a spring boot starter of your own).

ch4mp
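For reference, an added example (not code from the question, the answer, or the answerer's starter) of "dynamic" multi-tenancy in a resource service using plain Spring Security: the authentication manager is chosen from the token's `iss` claim, and only allowlisted Keycloak realms are accepted, so each realm's JWKS is discovered from its issuer metadata and no custom JWKS endpoint is needed. The class name, the Keycloak base URL, the realm names and the `<base>/realms/<realm>` issuer layout are assumptions.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationManagerResolver;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class MultiRealmResourceServerConfig {

    // Assumed values: Keycloak realms base URL and the realms this service trusts.
    private static final String KEYCLOAK_REALMS_URL = "https://keycloak.example.com/realms/";
    private static final Set<String> ALLOWED_REALMS = Set.of("tenant-a", "tenant-b");

    // One authentication manager per trusted issuer, created on first use.
    private final Map<String, AuthenticationManager> managers = new ConcurrentHashMap<>();

    // Receives the still-unverified "iss" claim, so it must be checked against
    // the allowlist before any key material is fetched for it.
    private AuthenticationManager forIssuer(String issuer) {
        if (issuer == null || !issuer.startsWith(KEYCLOAK_REALMS_URL)
                || !ALLOWED_REALMS.contains(issuer.substring(KEYCLOAK_REALMS_URL.length()))) {
            return null; // unknown issuer: the resolver rejects the token
        }
        return managers.computeIfAbsent(issuer, iss -> {
            // Reads the realm's discovery metadata, uses its jwks_uri for
            // signature checks, and validates the "iss" claim.
            JwtAuthenticationProvider provider =
                    new JwtAuthenticationProvider(JwtDecoders.fromIssuerLocation(iss));
            return provider::authenticate;
        });
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        AuthenticationManagerResolver<String> byIssuer = this::forIssuer;
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(
                    new JwtIssuerAuthenticationManagerResolver(byIssuer)));
        return http.build();
    }
}
```

Loading `ALLOWED_REALMS` from a tenant registry instead of a constant keeps the same check while allowing realms to be added at runtime.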