Your application validates from both the realms #2
Comments
You have a clear authentication context. You may place the tenant identification on the principal and e.g. annotate endpoints to match this. You could even add some logic in between that ties a user and a tenant to a business defined "functional role" per tenant. There are endless possibilities.
There are tons of solutions to this problem. Off the top of my head, you can separate the set of endpoints per tenant by adding a prefix to the URL like /tenant1/api/, then use a Spring Aspect around invoke to compare the value of the realm to the one in the URL. But really, it's already up to you.
Can you suggest an example with Spring Aspect?
OK .. I've now been searching for weeks for a solution until finding this single issue here ...
Hi @goafabric, can you describe what specifically is your problem and why this solution does not work for your use case?
Hi @czetsuya, as @AasthaSethia already described ... I guess (the combination of) Spring Security and the Keycloak adapter does not take the tenant ID into account for the session ... So it would be nice to have a working example. E.g. the Quarkus OIDC implementation does everything right out of the box .. simple multi-tenancy, and when changing you have to re-login.
Hi, @goafabric @AasthaSethia did you figure out the workaround for this issue?
Ideally, realm A should only be allowed to access endpoints with realm A in them, but in your application, once login has happened via realm A, even endpoints with realm B can be accessed. Can you please guide me on what can be done to rectify this?
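The check suggested in the comments (a tenant prefix in the URL compared against the realm of the authenticated token), sketched as a Spring aspect. This is an added example, not code from this repository or from any commenter. The class name `TenantRealmAspect`, the `/{tenant}/api/...` mapping with a path variable named `tenant`, and realm names being equal to tenant names are assumptions; it also assumes Spring AOP is enabled and the Keycloak Spring Security adapter is in use.

```java
import java.util.Map;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.servlet.HandlerMapping;

// Added example (not the project's code). Assumes controllers are mapped as
// "/{tenant}/api/..." and that Keycloak realm names equal tenant names.
@Aspect
@Component
public class TenantRealmAspect {

    // Runs before every method invoked on a @RestController bean.
    @Before("within(@org.springframework.web.bind.annotation.RestController *)")
    public void requireRealmMatchesTenant() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (!(auth instanceof KeycloakAuthenticationToken)) {
            throw new AccessDeniedException("Keycloak authentication required");
        }
        // Realm that issued the token held in this session (taken from its issuer).
        String realm = ((KeycloakAuthenticationToken) auth)
                .getAccount().getKeycloakSecurityContext().getRealm();
        if (!matches(realm, matchedTenant())) {
            throw new AccessDeniedException("Token realm does not match tenant in URL");
        }
    }

    // Tenant segment exactly as Spring MVC matched it, so no manual URL parsing.
    private static Object matchedTenant() {
        Object vars = RequestContextHolder.currentRequestAttributes().getAttribute(
                HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE, RequestAttributes.SCOPE_REQUEST);
        return vars instanceof Map ? ((Map<?, ?>) vars).get("tenant") : null;
    }

    // Fails closed: a missing realm or a missing tenant variable never matches.
    static boolean matches(String realm, Object tenant) {
        return realm != null && realm.equals(tenant);
    }
}
```

Because the comparison uses the path variable Spring MVC resolved rather than the raw request URI, a session established through realm A is rejected with an access-denied error on any handler mapped under realm B's prefix.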