You are viewing the documentation for Blueriq 16. Documentation for other versions is available in our documentation directory.
This page describes how to configure OpenID Connect with Multitenancy.
Enabling multi-tenancy
To use OpenID Connect, multi-tenancy needs to be enabled. A list of allowed tenants should also be configured.
application.properties
blueriq.multi-tenancy.enabled=true
blueriq.multi-tenancy.allowedTenants=blueriq,everest
HTTP request validation
When multi-tenancy is enabled, each HTTP request is validated as follows:
- Check if the user is logged in using OpenID Connect → JWT token claims should contain the tenant claim.
- If the user is not logged in, then the tenant header should be present and valid. The HTTP header is valid when its value is in the list of allowed tenants.
- If the user is logged in, then the tenant header is not required. If it exists, then it needs to match the tenant claim value.
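The three rules above can be read as a single decision function. The following is an added example that models them; it is not Blueriq code. It assumes the default header name, the allowed tenants from the sample configuration, a top-level `TenantID` claim, exact (case-sensitive) comparison of tenant values, and claims that come from an already verified token. The function name `validate_request` is hypothetical.

```python
# Model of the request validation rules described above (not Blueriq code).
ALLOWED_TENANTS = {"blueriq", "everest"}   # blueriq.multi-tenancy.allowedTenants
TENANT_HEADER = "X-TENANT-ID"              # blueriq.multi-tenancy.httpHeader
TENANT_CLAIM = "TenantID"                  # assumed top-level claim ($.TenantID)


def validate_request(headers, jwt_claims=None):
    """Return (accepted, reason). jwt_claims is None for a request without a
    login, otherwise the already-verified claims of the OpenID Connect token."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    header_tenant = lowered.get(TENANT_HEADER.lower())

    if jwt_claims is None:
        # Not logged in: the header must be present and on the allow-list.
        if header_tenant is None:
            return False, "missing tenant header"
        if header_tenant not in ALLOWED_TENANTS:
            return False, "tenant header not in allowed tenants"
        return True, "anonymous request for " + header_tenant

    # Logged in: the token must carry the tenant claim.
    claim_tenant = jwt_claims.get(TENANT_CLAIM)
    if not claim_tenant:
        return False, "token has no tenant claim"
    # The header is optional, but when sent it must match the claim.
    # The page does not say whether the claim value is also checked against
    # the allowed tenants, so this model does not check it.
    if header_tenant is not None and header_tenant != claim_tenant:
        return False, "tenant header does not match tenant claim"
    return True, "authenticated request for " + claim_tenant


# Constructed sample requests, one per rule and failure mode.
SAMPLES = [
    ({}, None),
    ({"X-Tenant-Id": "everest"}, None),
    ({"X-TENANT-ID": "acme"}, None),
    ({}, {"sub": "alice", "TenantID": "blueriq"}),
    ({"X-TENANT-ID": "everest"}, {"sub": "alice", "TenantID": "blueriq"}),
    ({"X-TENANT-ID": "blueriq"}, {"sub": "alice"}),
]

if __name__ == "__main__":
    for sample_headers, sample_claims in SAMPLES:
        print(sample_headers, sample_claims, "->",
              validate_request(sample_headers, sample_claims))
```

The fifth sample is the case worth testing against a real deployment: a user logged in for one tenant who sends a header naming another tenant must be rejected.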
Tenant claim
The JWT claim that holds the tenant can be configured by changing the property blueriq.security.jwt-claims.claim-mapping.TenantID. For example:
application.properties
blueriq.security.jwt-claims.claim-mapping.TenantID=$.TenantID
Tenant header
The default HTTP header that is passed in the HTTP request is "X-TENANT-ID". It can be configured by changing the property blueriq.multi-tenancy.httpHeader. For example:
application.properties
blueriq.multi-tenancy.httpHeader=X-TENANT-ID