Hello everybody,
I am currently having a hard time implementing Spring Boot and multi-tenancy.
Basically it works pretty simply by following the guide:
https://www.keycloak.org/docs/latest/securing_apps/#_spring_security_adapter
and having a KeycloakConfigResolver implementation.
However, if I am inside Tenant A, I have to log in once inside the browser and everything is fine.
However, when changing to Tenant B (in my case currently via HTTP header), I am still logged in, and the authenticated user from Tenant A can now access all the data from Tenant B.
That's just... wrong...
My expectation is that when changing the tenant, I have to re-login.
When using BEARER_TOKEN via curl, everything works as expected; the token from Tenant A of course does not work with Tenant B.
Also, when using the Quarkus OIDC implementation, it works as expected.
So I suspect that the code inside the web browser is the cause for this... maybe...
While Quarkus also applies the tenant_id to its cookies, the keycloak-adapter does not... not sure if this helps though.
So I would be glad if someone could point me in the right direction.
Thanks
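A defensive pattern for the behaviour described above, as an added example that is not part of the discussion or of the Keycloak adapter itself: the header-driven KeycloakConfigResolver paired with a servlet filter that binds each HTTP session to a single tenant and invalidates it when the header names a different one. The header name X-Tenant-ID, the keycloak-<tenant>.json resource naming, and registering the filter ahead of the Keycloak authentication filter are assumptions.

```java
// Added example, not from the discussion. Assumes a constructed "X-Tenant-ID" header and one keycloak-<tenant>.json adapter file per tenant on the classpath.
import java.io.IOException;
import java.io.InputStream;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;
import org.springframework.web.filter.OncePerRequestFilter;
public class TenantBinding {
    static final String TENANT_HEADER = "X-Tenant-ID";   // assumed header name
    static final String SESSION_TENANT = "bound.tenant"; // session attribute key
    // Resolves the adapter config for the tenant named in the header; built deployments are cached.
    public static class HeaderTenantResolver implements KeycloakConfigResolver {
        private final ConcurrentHashMap<String, KeycloakDeployment> cache = new ConcurrentHashMap<>();
        @Override
        public KeycloakDeployment resolve(HttpFacade.Request request) {
            String tenant = request.getHeader(TENANT_HEADER);
            // Whitelist the tenant id so it cannot steer the classpath lookup below.
            if (tenant == null || !tenant.matches("[a-z0-9-]{1,32}")) throw new IllegalArgumentException("missing or malformed tenant header");
            return cache.computeIfAbsent(tenant, t -> {
                InputStream cfg = getClass().getResourceAsStream("/keycloak-" + t + ".json");
                if (cfg == null) throw new IllegalStateException("no adapter config for tenant " + t);
                return KeycloakDeploymentBuilder.build(cfg);
            });
        }
    }
    // Registered ahead of the Keycloak filter: an HTTP session may serve exactly one tenant.
    public static class TenantSessionFilter extends OncePerRequestFilter {
        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
                throws ServletException, IOException {
            String tenant = req.getHeader(TENANT_HEADER);
            HttpSession session = req.getSession(false);
            if (session != null && session.getAttribute(SESSION_TENANT) != null
                    && !session.getAttribute(SESSION_TENANT).equals(tenant)) {
                session.invalidate(); // Tenant A's browser login must not carry over to Tenant B
                session = null;
            }
            if (tenant != null) {
                (session == null ? req.getSession(true) : session).setAttribute(SESSION_TENANT, tenant);
            }
            chain.doFilter(req, res);
        }
    }
}
```

With the session dropped on a tenant switch, the adapter sees an unauthenticated request for Tenant B and starts a fresh login against that tenant's realm, which is the re-login the post expects.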