Excerpt |
---|
Creates a new tenant with the values for the corresponding parameters specified in JSON format. Required settings for Keycloak and yuuvis® Momentum core are passed as well as custom (= product application) settings. |
A Keycloak realm with a name
and description
is created together with the initial default technial user admin
that you can use as a proxy user in your portal for tenant management. The values for name
and description
can be displayed in the Keycloak Admin Console as Realm Name and Display name as shown in the first screenshot below.
The parameters available for defining Keycloak settings are described for the POST /tenant-management/api/system/profile endpoint. These parameters determine the settings for each further tenant that will be created. They are optional and the default values lead to the configuration shown below.
In the yuuvis® Momentum system, a tenant with the same name
will be created as well. No further configurations are set up. For additional configurations like tenant schema or extensions of the role set, a custom microservice can be configured in the profile. It will be called after each tenant creation process and add the defined extending configurations.
After creating a new yuuvis® tenant, the newly created admin
user can be used to access the system using the core API, yuuvis® architect, or yuuvis® reference client.
Meaning of the response status codes:
HTTP Status Code | Meaning |
---|
201 CREATED | Successful, the tenant with the name has been created. |
401 UNAUTHORIZED | The call was unauthorized. |
Default Configuration for Tenant Creation
Click on a screenshot to view it in its original size.
Realm
The HTML Display name shown in the screenshot defines the yuuvis® theme for the design of the Keycloak login page (left-hand side with the branding and the tenant name).
yuuvis®-themed Keycloak login dialog:
Login
These are the set-up Keycloak login parameters. They affect the login dialog as well.
E-mail
These are the default parameters for e-mail invitations that can be sent to new users.
Password Policy
These are the set-up Keycloak Password Policy parameters:
Roles and Initial User
The following yuuvis roles are set per default for each tenant:
- YUUVIS_DEFAULT (briefly: full access to every object via default role set)
- YUUVIS_CREATE_OBJECT (briefly: create objects)
- YUUVIS_MANAGE_SETTINGS (briefly: save result list column and filter configurations as standard)
- YUUVIS_TENANT_ADMIN (briefly: update schema, rolse set, maintain users, ... for the tenant)
- YUUVIS_SYSTEM_INTEGRATOR (briefly: update global schemata and role sets for the system, create tenants)
The admin
user is created for each tenant with all the above roles assigned.
Client
These are the Keycloak Client parameters that are set for the internal communication with yuuvis® AUTHENTICATION Service:
The Root URL displayed in the screenshot has to be specified in the management
helmchart in the values.yaml
file. In the apitm
section under client, the rooturl
parameter has to be specified. If the tenant name is handled as a subdomain, a placeholder of the following structure can be set: http://${TENANT_NAME}/exampledomain