1.17. マルチテナンシー
OpenID Connect (OIDC) マルチテナンシーの処理方法と同様に、テナントごとにポリシーエンフォーサーの設定をセットアップできます。以下に例を示します。
# Per-tenant Keycloak policy enforcer configuration.
# Keys without a tenant id configure the default tenant; keys of the form
# quarkus.oidc.<tenant-id>.* and quarkus.keycloak.<tenant-id>.policy-enforcer.*
# configure a named tenant, and the tenant id has to be the same in both prefixes.
# How a request is mapped to a tenant is not part of this listing.
#
# NOTE(review): every tenant below uses the same realm, the same client-id and
# the literal secret "secret", and the auth-server-url default is
# "replaced-by-test-resource" - this looks like a test fixture. In a real
# deployment give each tenant its own client credentials and supply the secret
# from outside this file (for example an environment variable or a secret
# store), not as a committed value.

# Turns the policy enforcer on.
quarkus.keycloak.policy-enforcer.enable=true
# Default Tenant
# ${keycloak.url:...} is resolved at runtime; the text after ':' is the fallback value.
quarkus.oidc.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus
quarkus.oidc.client-id=quarkus-app
# Placeholder client secret - do not reuse outside a test environment.
quarkus.oidc.credentials.secret=secret
# PERMISSIVE lets a request through when no policy is associated with the
# requested resource. ENFORCING (the default) denies such requests, so prefer
# it unless the permissive behaviour is intended.
quarkus.keycloak.policy-enforcer.enforcement-mode=PERMISSIVE
# Path entry 1: name of the Keycloak resource and the request path it covers.
quarkus.keycloak.policy-enforcer.paths.1.name=Permission Resource
quarkus.keycloak.policy-enforcer.paths.1.paths=/api/permission
# Claim information point: a fixed claim "static-claim" with the value
# "static-claim" made available for policy evaluation on this path.
quarkus.keycloak.policy-enforcer.paths.1.claim-information-point.claims.static-claim=static-claim
# Service Tenant
# Tenant id "service-tenant"; same structure as the default tenant, with its
# own resource name for /api/permission.
quarkus.oidc.service-tenant.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus
quarkus.oidc.service-tenant.client-id=quarkus-app
# Placeholder client secret - do not reuse outside a test environment.
quarkus.oidc.service-tenant.credentials.secret=secret
# See the note on PERMISSIVE at the default tenant; the mode is set per tenant.
quarkus.keycloak.service-tenant.policy-enforcer.enforcement-mode=PERMISSIVE
quarkus.keycloak.service-tenant.policy-enforcer.paths.1.name=Permission Resource Service
quarkus.keycloak.service-tenant.policy-enforcer.paths.1.paths=/api/permission
quarkus.keycloak.service-tenant.policy-enforcer.paths.1.claim-information-point.claims.static-claim=static-claim
# WebApp Tenant
# Tenant id "webapp-tenant"; differs from the other two by application-type
# and roles.source below.
quarkus.oidc.webapp-tenant.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus
quarkus.oidc.webapp-tenant.client-id=quarkus-app
# Placeholder client secret - do not reuse outside a test environment.
quarkus.oidc.webapp-tenant.credentials.secret=secret
# web-app: this tenant authenticates users through the authorization code flow.
quarkus.oidc.webapp-tenant.application-type=web-app
# Roles for this tenant are read from the access token.
quarkus.oidc.webapp-tenant.roles.source=accesstoken
# See the note on PERMISSIVE at the default tenant; the mode is set per tenant.
quarkus.keycloak.webapp-tenant.policy-enforcer.enforcement-mode=PERMISSIVE
quarkus.keycloak.webapp-tenant.policy-enforcer.paths.1.name=Permission Resource WebApp
quarkus.keycloak.webapp-tenant.policy-enforcer.paths.1.paths=/api/permission
quarkus.keycloak.webapp-tenant.policy-enforcer.paths.1.claim-information-point.claims.static-claim=static-claim