Hi,
I am actually trying to deploy a vanilla Java EE app with multi-tenancy (Tomcat 8.5 used as server).
I have my keycloak running on a Docker instance with 2 realms configured (18.0.2 version).
Standard configuration (one tenant) is working :
With a single keycloak.json and a keycloak Filter, application is reaching login page and everything is fine.
In other hand, when we activate multi-tenant configuration, we got a 403 directly.
web.xml
<filter>
<filter-name>Keycloak Filter</filter-name>
<filter-class>org.keycloak.adapters.servlet.KeycloakOIDCFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Keycloak Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>keycloak.config.resolver</param-name>
<param-value>com.example.demo.MultiTenantResolver</param-value>
</context-param>
Custom Java resolver :
package com.example.demo;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.OIDCHttpFacade;
public class MultiTenantResolver implements KeycloakConfigResolver {
@Override
public KeycloakDeployment resolve(OIDCHttpFacade.Request request)
{
var url = request.getRelativePath();
if (url.contains("development")) {
return KeycloakDeploymentBuilder.build(getClass().getResourceAsStream("/keycloak/development.json"));
}
return KeycloakDeploymentBuilder.build(getClass().getResourceAsStream("/keycloak/production.json"));
}
}