Identityserver4.admin: Multitenant support

Created on 25 Oct 2018 · 8 Comments · Source: skoruba/IdentityServer4.Admin

Hello,

First of all, nice job. Really useful and clear admin UI for IS4.

Any plans to support multi-tenant identity strategies? I know that it is not an easy architecture, but it has become a very popular concept (and we use it in our service model :) )

Would you consider adding this feature?

I would be willing to help.

help wanted medium task

All 8 comments

Hi @dpoblacion
Great question. Currently I don't have any experience with multitenant support and I have to explore more details about it, but if you are able to provide some details/PR, feel free to do it. :)

Thanks!

In the simplest form it would be:

  1. ASP.NET Identity

    • Add a Tenant entity

    • Have the User point to the Tenant (foreign key)

    • The username alone is not unique anymore, the combination (Tenant,username) is

    • Implement a UserStore that enforces this

  2. IdentityServer4 Storage

    • Implement a ClientStore. The combination (Tenant,ClientId) should be unique

  3. The application hosting IdentityServer4 (and the AdminUI)

    • Implement a strategy to dynamically resolve the tenant for each request. Sub-domain based is probably the most straightforward, but could be whatever

    • All related DI should employ this

I most likely am missing something, but this would be the most basic - users and clients are per tenant, the rest is shared. It can get more complex with roles, resources, scopes, claims etc. per tenant.

Alternatively, another way would be to have a different set of databases for each tenant. Resolve the tenant on the fly, generate the appropriate connection(s) and feed them down to the backing stores. This requires no changes to ASP.NET Identity or IdentityServer4 storage.

The different database per tenant strategy is certainly easier and could solve a lot of use cases alone before venturing into implementing the one where application logic enforces the separation.

It is not without its problems... Connection pooling and IdentityServer caching come to mind.
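The shared-database design outlined above (tenant resolved per request from the sub-domain, uniqueness on the combination (Tenant, username)) can be sketched as follows. This is an added example, not code from the thread or from IdentityServer4.Admin; the type names, the in-memory dictionary standing in for a real UserStore, and the `example.test` hosts are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
// Hypothetical types and constructed sample hosts; not part of IdentityServer4.Admin or ASP.NET Identity.
public sealed class SubdomainTenantResolver
{
    private readonly string _suffix;
    private readonly HashSet<string> _known;
    public SubdomainTenantResolver(string baseDomain, IEnumerable<string> tenants)
    {
        _suffix = "." + baseDomain.ToLowerInvariant();
        _known = new HashSet<string>(tenants, StringComparer.Ordinal);
    }
    // host is the request host name without port. It is client-supplied, so accept exactly
    // one label in front of the base domain, and only a registered tenant; otherwise null.
    public string Resolve(string host)
    {
        if (string.IsNullOrEmpty(host)) return null;
        host = host.ToLowerInvariant();
        if (!host.EndsWith(_suffix, StringComparison.Ordinal)) return null;
        var label = host.Substring(0, host.Length - _suffix.Length);
        if (label.Length == 0 || label.Contains(".")) return null;
        return _known.Contains(label) ? label : null;
    }
}
public sealed class TenantUserStore
{
    // The uniqueness key is (tenant, normalized username), not the username alone.
    private readonly Dictionary<(string, string), string> _ids = new Dictionary<(string, string), string>();
    public bool TryCreate(string tenant, string userName, string userId)
    {
        if (tenant == null) throw new ArgumentNullException(nameof(tenant)); // unresolved tenant
        return _ids.TryAdd((tenant, userName.ToUpperInvariant()), userId);
    }
}
public static class Program
{
    public static void Main()
    {
        var resolver = new SubdomainTenantResolver("example.test", new[] { "acme", "globex" });
        var store = new TenantUserStore();
        var acme = resolver.Resolve("acme.example.test");
        var globex = resolver.Resolve("GLOBEX.example.test");
        Console.WriteLine(store.TryCreate(acme, "alice", "u1"));   // first alice in acme
        Console.WriteLine(store.TryCreate(globex, "alice", "u2")); // same name, other tenant
        Console.WriteLine(store.TryCreate(acme, "Alice", "u3"));   // duplicate within acme
        Console.WriteLine(resolver.Resolve("acme.example.test.other.test") == null); // wrong suffix
        Console.WriteLine(resolver.Resolve("x.acme.example.test") == null);          // extra label
    }
}
```

The same fail-closed rule applies to the caching concern raised above: any cache entry for a client or user has to carry the resolved tenant in its key.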

Hey,
I am developing the multi-tenancy. I'm so close to finishing. You can look at it: link

Hi @skoruba ,
When I looked at the IdentityService and IdentityRepository, I saw that they use the IdentityUser and IdentityRole entities. The entities' namespace is Microsoft.AspNetCore.Identity.
I must replace IdentityUser and IdentityRole with UserIdentityRole and UserIdentity. The other identity entities must change as well, because they now have a TenantId.
Do you have any advice on an easy way? You can look at the details in my fork: link

Hi @mperk
Did you manage to solve the multi-tenancy? I am very interested in making it work too!

Hi @iCoder1 ,
Yes, I solved it and I sent a PR here: https://github.com/skoruba/IdentityServer4.Admin/pull/661
It may be old because it wasn't merged, but it is working on my fork.
