Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-209

Multiple SSO Realms per Provider account

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Blocker Blocker
    • 2.1 CR1
    • 2.0 GA
    • System
    • 0
    • 0% 0%

      An overview of this request is to essentially allow a mapping of realm to service on the admin platform. This is specifically around the integration with RH SSO but I think it could be relevant to other IdP integrations also.

      As described by the customer:

      1. In the management part of 3Scale, you can configure a realm for a service.
      2. The gateway fetches the configuration (a Map: service->realm) together with all the other configs that it needs.
      3. The gateway uses the map in order to create the url needed to call keycloak (e.g. 'https://sso-domain.net:443/auth/realms/realm' ). There are 2 possible scenarios that we see:
      a. The base URL is an environment variable for the Apicast cluster and the realm from the map will be attached to that url:

      {sso-base-url}

      /

      {realm}

      b. In the management part of 3Scale you do not only configure a realm, but the whole sso-address including the realm. So the gateway would find the url in the service->sso-url-map.
      c. Third option ?

            Unassigned Unassigned
            rhn-support-keprice Kevin Price
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: