How to Configure Multitenancy in Keycloak with Spring API Gateway Integration

This page summarizes the projects mentioned and recommended in the original post on dev.to
HTTP Server Web programming HTTP Keycloak keycloak-provider

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • ct-keycloak-iam

    This project extends the Keycloak authentication server to cover complicated enterprise use cases such as multi-tenancy, custom storage, n-level resellers by extending Keycloak through its SPIs such as storage, authentication, and identity provider.

    • For this exercise, we will use a custom Keycloak server from https://github.com/czetsuyatech/ct-keycloak-iam. This project downloads a specific version of the Keycloak server and builds customizations such as theme, provider, realm, and more.

  • frank_jwt

    JSON Web Token implementation in Rust.

    • @GetMapping("/user-info") public String userInfo() { return getUserInfo(); } @SuppressWarnings("unchecked") private String getUserInfo() { KeycloakAuthenticationToken authentication = (KeycloakAuthenticationToken) SecurityContextHolder.getContext() .getAuthentication(); final Principal principal = (Principal) authentication.getPrincipal(); String tokenInfo = null; if (principal instanceof KeycloakPrincipal) { KeycloakPrincipal kPrincipal = (KeycloakPrincipal) principal; KeycloakSecurityContext ksc = kPrincipal.getKeycloakSecurityContext(); IDToken token = ksc.getIdToken(); AccessToken accessToken = kPrincipal.getKeycloakSecurityContext().getToken(); tokenInfo = accessToken.getSubject(); // this value is the one use to call another service as bearer token // Authorization : Bearer kcs.getTokenString() // use this link to read the token https://jwt.io return String.format("Hello %s %s [subject=%s]", accessToken.getGivenName(), accessToken.getFamilyName(), tokenInfo); } return "Hello World"; }

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • ct-multi-tenant-keycloak-spring

    • https://github.com/czetsuyatech/ct-multi-tenant-keycloak-spring (sponsors only)

  • httpbin

    HTTP Request & Response Service, written in Python + Flask.

    • @Bean public RouteLocator gatewayRouter(RouteLocatorBuilder builder, TokenRelayGatewayFilterFactory filterFactory) {   return builder.routes()     .route(p -> p.path("/test")         .uri("http://httpbin.org"))     .route("users", p -> p.path("/users/**")         .filters(f -> f.filter(filterFactory.apply()))         .uri("http://localhost:8001"))     .build(); }

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts