I have multiple realms in my Keycloak server. I need to connect each realm to their own individual data sources .Is it possible in Keycloak?
For example:- If I have 3 realms say that realm1,realm2 and realm3 in my single Keycloak and 3 database servers db1,db2 and db3
I need to store data related to realm1 in db1 and realm2 in db2 and like that
Is it possible to connect to different databases from a single keycloak?
Related
Good afternoon,
I am writing a front-end for a research database that holds sensitive health information. My institution has a policy that user actions be logged by the SQL server so that they can perform audits on the server log files in the event of a breach.
Because of this policy, I cannot connect Django to the db as a system user (otherwise, all users of the front-end actions would be logged by the server as the Django system user instead as the actual user individually).
Is there a way to connect to the DB using per user credentials so that actions performed on the front end will be logged as that user on the db server? I have been able to find a lot of information about using multiple databases, but nothing about per user authentication of those databases.
Thank you in advanced!
I don't think you can do that, the user that connect to the database need to have access to all the tables.
I had a similar issue when I wanted to use Django models outside Django and restrict access to certain models for certain users.
I ended up using SQLAlchemy and its automap feature on the existing Django database. Then you can connect to the database using your SQL users.
However, if you don't mind all the users accessing all the tables and are only concerned about the logs, maybe you can use a different settings.py or at least a different DATABASES configuration for each user?
I was able to accomplish this by giving the SQL user the IMPERSONATE permission and performing EXECUTE AS prior to the DB queries that I needed to have logged in models.py.
cursor = self.connection.cursor()
try:
cursor.execute("EXECUTE AS " + get_current_user()
except DatabaseError as e:
cursor.close()
raise e
I want to implement a functionality where I want to change the database based on the user selected company.
For example:
When User A visit my site he needs to login, after the login he can search his company, until this point I am connecting the user to my server db; after he search his company and press the done button I have to make a connection to his server and dynamically change my server db to his company server db. (the reason of doing this is my web app is gonna used by multiple companies so companies gonna have different employee records so i have to connect to db of their server to get their employers records).
I am really confused how to achieve this what data I need to store in my db for making connection to different server db?
As far I researched I understood that I need to store the dbname,dbusername,dbPassword.
Do i need to store anything else? Do I need to store the host name too? Can any of you guide me how to achieve this?
Are you creating individual database as per the company name of that employee, or are you using same database for all the employees?
If you are creating individual database for individual users, you store the company name in to your users information table and when ever you are login, you fetch the company name of that user and store it in to session
and while fetching the record you use the stored company name in to the session for connecting to the database as :
suppose you want to fetch the record from companymaster or some other table you can use like as :
$companyName=$this->session->userdata('companyName');//stored company name in to the session
Now, use the table as
$this->db->from("$companyName"."Your Table Name");
Thanks.
I am building a multi tenant site.
Currently I am using mode="InProc" to store my sessionstate; but now planing to switch to sqlserver sessionstate.
My Question Is;
Can I maintain different database for sql sessionstate separated from my current database?
What will be the standard practice for multi tenant architecture with separate database for each client?
I mean
<connectionStrings>
// Connectionstring for my client data; suppose "DatabaseClient"
</connectionStrings>
//---------------------
// Here connection for sql session dataabse; suppose "DatabaseSession"
<sessionState
mode="SQLServer"
sqlConnectionString="server=127.0.0.1;uid=<user id>;pwd=<password>;" />
Yes you can. Store two connection string in connectionstrings section in config. One for business database and one for session storage database.if membership implement is custom for each tenant (custom profiles , roles ,password police's..etc ) the complexity may high in single session db else you are in correct way
I would like to create a Bash script, say queryserver.sh, that resides on ComputerA at IP 192.168.2.1, with USERA and password PASSA and queries a Postgresql database on ComputerB at IP 192.160.10.1 with user USERB and password PASSB for example.
In short, ComputerB has a PostgreSQL database table whose data is used to update a Postgresql table on ComputerA. ComputerA hosts the database used for a web application whereas ComputerB hosts backend number crunching functionalities.
In Microsoft SQL server, there is a concept of linked server, but I couldn't find the same concept on PostgreSQL.
Are there better ways than to use a Bash script and remotely invoke it using C++ CORBA?
There are many ways to solve this problem. psql can connect to remote hosts. You could also use ssh to run psql remotely. But since you referenced MSSQL's linked servers, the most comparable in PostgreSQL is the Foreign Data Wrapper.
To allow USERA on ComputerA's PostgreSQL instance to access tables on ComputerB as USERB:
CREATE SERVER ComputerB
FOREIGN DATA WRAPPER postgres_fdw
OPTIONS (host '192.160.10.1', port '5432', dbname 'computerB');
CREATE USER MAPPING FOR USERA
SERVER ComputerB
OPTIONS (user 'USERB', password 'PASSB');
Then you need to use CREATE FOREIGN TABLE for each table you'd like to use.
Just had a query that can WSO2 Identity Server be integrated with both LDAP and DB at the same time. To elaborate my query more, say we have a group of users defined in LDAP and another group of users defined in DB and I want Identity Server to act authorization gateway for both of these groups. Is it possible?
Also, while integrating with DB WSO2 adds its own tables in our existing DB. Is there any way we can add custom attributes(claims) support in DB without altering the WSO2 tables?
WSO2 Identity Server supports only one active user realm at a given time. But if your requirement is to use WSO2 IS as an authorization gateway which connects to a LDAP server as well to a DB for populating claims, etc then it is possible to use XACML support in WSO2 IS with a custom PIP(policy information point). In that case, you can connect to the LDAP server as the primary user store and write a custom PIP to connect to the DB to read the required claims.
Following two posts on PIPs will be helpful.
[1] - http://xacmlinfo.com/2011/12/18/understanding-pip/
[2] - http://blog.facilelogin.com/2011/04/xacml-policy-information-point.html
Answering the second query, with the default configuration in the JDBC mode, WSO2 IS uses its own set of tables for maintaining its user store. But if required, you can write your own user store implementation which connects to your database.