TENANT-MANAGEMENT Service
Connection between the identity provider and additional services. It can also be used as an interface for role and user management for a tenant, and to create and delete tenants in Keycloak.
Characteristics
Service Name | tenant-management |
---|---|
Port Range | 8080 |
Profiles | prod,oauth2 |
Helm Chart | management |
Public API | Tenant Management Endpoints |
Function
Service that is responsible for retrieving information from the connected identity provider for the Web-API Gateway, clients and business process management (if configured). Thus, you can connect any identity provider working with OAuth2.
In combination with Keycloak, it additionally provides the tenant and user management functionality used by yuuvis® architect.
Provides the API:
>> Tenant Management Endpoints
Requirements
>> yuuvis® Momentum Requirements - Tenant Management API
Configuration
Working with Keycloak
- First, create an initial Keycloak realm. Then create a user with the YUUVIS_SYSTEM_INTEGRATOR role within this realm.
- Users calling endpoints of the system controller need the YUUVIS_SYSTEM_INTEGRATOR role.
- Users calling endpoints of the admin controller need the YUUVIS_TENANT_ADMIN role and must be a member of the Keycloak realm that is created when creating a yuuvis® Momentum tenant.
- Before creating the first tenant, the profile has to be saved via POST /tenant-management/api/system/profile by a user with the YUUVIS_SYSTEM_INTEGRATOR role.
Working with any Identity Provider via OAuth2
As of 2022 Spring, the service can be configured such that the idm-controller endpoints retrieve their information from a custom IDM proxy. This proxy can be used to connect identity providers other than Keycloak for reading purposes. An example proxy service is available as a beta version on request.
Note: If the service is not combined with Keycloak, only the idm-controller endpoints are available. All other endpoints return a 404 error.
In order to connect such a custom IDM proxy, create a tenant-management-prod.yml configuration file with the following parameters:

    idm:
      custom:
        enabled: true
        base-url: http://IDM_HOST:port

The handling of profile-related configuration files is described for the core system.
>> Configuring Services using Profiles