Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software: Keycloak, OpenFGA and Apache APISIX
This repository contains a PoC, implemented with Keycloak integrated with OpenFGA and Apache APISIX, that shows how to build a scalable multi-tenancy architecture based on Open Standards and Open-Source Software (OSS).
This workshop is based on the following article: Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software. There you will find full details about the authorization architecture guidelines and the components involved.
- Keycloak: New Organization Feature
- Keycloak OpenFGA Event Publisher Extension: New support for synchronizing the organization model
- Apache APISIX Authorization OpenFGA Plugin: New support for multiple policies with conditions (AND / OR)
- Install Git, Docker and Docker Compose in order to run the steps provided in the next section
- Clone this repository:

      git clone https://github.com/embesozzi/keycloak-openfga-multitenancy-workshop
      cd keycloak-openfga-multitenancy-workshop
- Execute the following Docker Compose command to start the deployment:

      ./mutitenancy-workshop.sh
- To be able to use this environment, you need to add this line to your local HOSTS file:

      127.0.0.1 payplus.lab keycloak openfga
- Access the following web UIs in a web browser using the URLs below.

| Component | URI | Credential | Image |
| --- | --- | --- | --- |
| Keycloak Console | http://keycloak:8081 | admin / password | quay.io/keycloak/keycloak:26.0.6 |
| OpenFGA Playground | http://localhost:3000/playground | | openfga/openfga:v1.8.0 |
| PayPlus Portal | http://payplus.lab:4000 | | ghcr.io/twogenidentity/demoapp-payplus-multitenancy |
The test cases are described in the article Building Scalable Multi-Tenancy Authentication and Authorization using Open Standards and Open-Source Software.