Is there a way to make the kratos oathkeeper to discover the Ory Community #talk-kratos

Join Slack

Is there a way to make the kratos / oathkeeper to ...

# talk-kratos

red-needle-26695

01/14/2022, 7:43 PM

Is there a way to make the kratos / oathkeeper to discover the tenant and Authenticate?

enough-winter-51484

01/14/2022, 8:27 PM

Hi Vimalraj, I just starting playing around with Kratos, not a maintener or something. I don't know if it will help, but I saw this on the documentations: https://www.ory.sh/kratos/docs/guides/multi-tenancy-multitenant/

magnificent-energy-493

01/15/2022, 11:09 AM

We built Ory Cloud for multitenancy out of the box, If you want to self-host Tom already posted a good solution: Spin up a Ory Kratos instance per tenant. Also check out this tip.

red-needle-26695

01/15/2022, 11:49 AM

I'll definitely give Ory cloud a try. Spinning up separate instances for each tenant is still ok, but dynamic provisioning and oidc configuration still a grey are to me. Is there any way to provide dynamic oidc setup? I'm still very new to ory

magnificent-energy-493

01/17/2022, 8:26 AM

Hey Vimalraj, sure! RFC 7591 Dynamic Client Registration is implemented in Ory Hydra, so it should be possible 🙂 . Ory Hydra is not yet part of Ory Cloud yet, it is one or two months out.

red-needle-26695

01/17/2022, 12:00 PM

Awesome! Is it possible to add custom social login dynamically in Ory Kratos ?

magnificent-energy-493

01/17/2022, 12:28 PM

If you combine it with Ory Hydra, should be no problem. Just out of interest, what is your use case for the RFC 7591?

red-needle-26695

01/17/2022, 12:42 PM

Multi tenant authentication We have different native applications running in subdomain, and we want multi tenancy as well. As per this link (https://www.ory.sh/kratos/docs/guides/multi-tenancy-multitenant/) If we go ahead and create new instance of ORY Kratos for every tenant we can authenticate with tenants only if we know the tenant id (Tenant discovery is a problem). So, having dedicated instance of Kratos won’t work without solving tenant discovery. If we keep single Kratos for all customers and keep the tenant information outside authentication, Post login we can authorise the user to particular tenant with custom logic. But, When customer ask for integration with their private identity provider, We may do with custom OIDC provider(Kratos Social provider) If that configuration become dynamic.

red-needle-26695

01/17/2022, 12:43 PM

I still need to figure out tenant discovery with Kratos

magnificent-energy-493

01/17/2022, 2:50 PM

I see, thanks! very interesting, but not very easy to set up. Let me know how it goes, I will see to ping you if I find anything related.

👍 1

3 Views

Open in Slack

Previous Next