Setting up a multi-tenancy application

I am currently developing a distributed (multi-site) application that is able to run offline.

I would like to be able to configure each instance of Keycloak remotely and individually from a Keycloak administration instance. In addition, each instance has its own users, policies and permissions.

How can I achieve this?

You probably don't need different instances to do what you describe. Using different realms seems more appropriate. Realms have separate users, roles, groups, password policies, and so on.

Keycloak can already handle multi-tenancy; you don't need one Keycloak instance per organization. Just define a specific realm for each organization.

If you are new to Keycloak, I suggest reading its documentation first, which will make it easier for you when making decisions.

In addition, each instance has its own users, policies and permissions.

In the Keycloak Documentation section Core Concepts and Terms one can read the following:

Realms: A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.

Which seems to fit that requirement.

I would like to be able to configure each instance of Keycloak remotely and individually from a Keycloak administration instance.

That is not possible, but you can have multiple Keycloak instances performing Identity Brokering against the same Keycloak instance. From the documentation on Identity Brokering one can read:

An Identity Broker is an intermediary service that connects multiple service providers with different identity providers. As an intermediary service, the identity broker is responsible for creating a trust relationship with an external identity provider in order to use its identities to access internal services exposed by service providers.

From a user perspective, an identity broker provides a user-centric and centralized way to manage identities across different security domains or realms. An existing account can be linked with one or more identities from different identity providers or even created based on the identity information obtained from them.

With this approach, users are redirected to the home page of the main Keycloak instance and can then choose to log in to a specific Keycloak instance.
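Both answers describe configuration rather than code: one realm per tenant (each with its own users, roles and password policy), and a site's Keycloak trusting a central Keycloak as an OpenID Connect identity provider. The following Python script is an added example, not code from the question, the answers or the Keycloak project. It builds the JSON payloads Keycloak accepts for both pieces (a RealmRepresentation that `kc.sh import --file` or `POST /admin/realms` takes, and the IdentityProviderRepresentation embedded in it) and the admin REST request that would create the realm. It assumes the Keycloak 17+ URL layout without the `/auth` prefix; hostnames, usernames, passwords and the client secret are constructed placeholders.

```python
"""Build Keycloak realm and identity-broker payloads for a realm-per-tenant
deployment where each site realm brokers to one central ("hub") realm.

Added example, not the original post's or Keycloak's own code. Assumptions:
Keycloak 17+ endpoint paths (no /auth prefix); field names as used by the
admin REST API / realm import. All hosts and credentials are placeholders.
"""
import json


def oidc_endpoints(base_url: str, realm: str) -> dict:
    """OpenID Connect endpoints Keycloak exposes for a single realm."""
    root = f"{base_url.rstrip('/')}/realms/{realm}"
    proto = f"{root}/protocol/openid-connect"
    return {
        "issuer": root,
        "authorizationUrl": f"{proto}/auth",
        "tokenUrl": f"{proto}/token",
        "userInfoUrl": f"{proto}/userinfo",
        "logoutUrl": f"{proto}/logout",
        "jwksUrl": f"{proto}/certs",
    }


def tenant_realm(name: str, users: list, roles: list) -> dict:
    """RealmRepresentation for one tenant with its own users, roles and policy.
    Realms are isolated, so none of this is visible from another realm."""
    return {
        "realm": name,
        "enabled": True,
        "sslRequired": "external",
        "bruteForceProtected": True,  # temporary lockout on repeated bad passwords
        "passwordPolicy": "length(12) and upperCase(1) and digits(1) and notUsername",
        "roles": {"realm": [{"name": r} for r in roles]},
        "users": [
            {
                "username": username,
                "enabled": True,
                "realmRoles": roles[:1],  # first role is the default for the demo
                # temporary=True forces a password change at first login
                "credentials": [{"type": "password", "value": pw, "temporary": True}],
            }
            for username, pw in users
        ],
    }


def broker_to_hub(hub_base_url: str, hub_realm: str, client_id: str, client_secret: str) -> dict:
    """IdentityProviderRepresentation that makes a site realm trust the hub realm
    as a 'keycloak-oidc' identity provider (Identity Brokering)."""
    ep = oidc_endpoints(hub_base_url, hub_realm)
    return {
        "alias": "hub",
        "displayName": "Central Keycloak",
        "providerId": "keycloak-oidc",
        "enabled": True,
        "trustEmail": False,  # do not mark brokered e-mail addresses as verified
        "storeToken": False,  # do not persist the hub's tokens in the site DB
        "config": {
            "clientId": client_id,
            "clientSecret": client_secret,
            "issuer": ep["issuer"],
            "authorizationUrl": ep["authorizationUrl"],
            "tokenUrl": ep["tokenUrl"],
            "userInfoUrl": ep["userInfoUrl"],
            "logoutUrl": ep["logoutUrl"],
            "jwksUrl": ep["jwksUrl"],
            "useJwksUrl": "true",
            "validateSignature": "true",  # reject ID tokens not signed by the hub
            "defaultScope": "openid",
            "syncMode": "IMPORT",
        },
    }


def site_realm(name, users, roles, hub_base_url, hub_realm, client_id, client_secret) -> dict:
    """Tenant realm that additionally brokers logins to the central realm."""
    realm = tenant_realm(name, users, roles)
    realm["identityProviders"] = [broker_to_hub(hub_base_url, hub_realm, client_id, client_secret)]
    return realm


def admin_create_realm_request(admin_base_url: str, bearer_token: str, realm: dict) -> dict:
    """Describe the admin REST call that creates a realm (POST /admin/realms).
    Returned as method/url/headers/body so any HTTP client can send it."""
    return {
        "method": "POST",
        "url": f"{admin_base_url.rstrip('/')}/admin/realms",
        "headers": {"Authorization": f"Bearer {bearer_token}",
                    "Content-Type": "application/json"},
        "body": json.dumps(realm),
    }


if __name__ == "__main__":
    # Constructed demo data: two site realms, both brokering to the hub realm.
    for site in ("site-a", "site-b"):
        rep = site_realm(site, [(f"{site}-admin", "Temp-Passw0rd-123")], ["site-admin"],
                         "https://sso.example.net", "hub", f"{site}-broker", "replace-me")
        print(json.dumps(rep, indent=2))
```

The hub side still needs a confidential client per site (the `clientId`/`clientSecret` pair above) whose redirect URI is the site realm's broker endpoint, `https://<site>/realms/<realm>/broker/hub/endpoint`; keep `validateSignature` and `useJwksUrl` on so a site only accepts identities the hub actually signed.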