You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

This page describes how to configure OpenID Connect with Multitenancy.

Enabling multi-tenancy

To use OpenID Connect, multi-tenancy needs to be enabled. In addition, a list of allowed tenants should be configured.

application.properties
blueriq.multi-tenancy.enabled=true
blueriq.multi-tenancy.allowedTenants=blueriq,everest

HTTP request validation

When multi-tenancy is enabled, each HTTP request is validated as follows:

  • Check if the user is logged in using OpenID Connect. If so, the JWT token claims should contain the tenant claim.
  • If the user is not logged in, then the tenant header should be present and valid. The HTTP header is valid when its value is in the list of allowed tenants.
  • If the user is logged in, then the tenant header is not required. If it exists, then it needs to match the tenant claim value.
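
The three rules above, modelled as a small Python function. This is an added example, not Blueriq's own code: the function names, the simplified claim-path lookup and the exact-match comparison of tenant values are assumptions, and the settings reuse the example property values shown on this page.

```python
# Added illustration of the three validation rules; not Blueriq source code.
ALLOWED_TENANTS = {"blueriq", "everest"}  # blueriq.multi-tenancy.allowedTenants
TENANT_HEADER = "X-TENANT-ID"             # blueriq.multi-tenancy.httpHeader
TENANT_CLAIM_PATH = "$.TenantID"          # ...jwt-claims.claim-mapping.TenantID


def claim_value(claims, path):
    """Resolve a '$.a.b' style path in the claims dict (simplified; assumption)."""
    keys = path[2:] if path.startswith("$.") else path
    node = claims
    for key in keys.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def validate_request(headers, claims=None):
    """Return (accepted, tenant_or_reason); claims is None when not logged in."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    normalised = {name.lower(): value for name, value in headers.items()}
    header_tenant = normalised.get(TENANT_HEADER.lower())

    if claims is None:
        # Not logged in: the header must be present and in the allowed list.
        if header_tenant is None:
            return False, "tenant header missing"
        if header_tenant not in ALLOWED_TENANTS:
            return False, "tenant header not in allowed tenants"
        return True, header_tenant

    # Logged in: the token claims must contain the tenant claim.
    claim_tenant = claim_value(claims, TENANT_CLAIM_PATH)
    if claim_tenant is None:
        return False, "tenant claim missing"
    # The header is optional here, but if present it must match the claim.
    if header_tenant is not None and header_tenant != claim_tenant:
        return False, "tenant header does not match tenant claim"
    return True, claim_tenant
```

The mismatch case is the one worth testing in a deployment: a logged-in user whose token says one tenant while the header names another must be rejected rather than silently resolved to either value.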

Tenant claim

The JWT token claim can be configured by changing the property blueriq.security.jwt-claims.claim-mapping.TenantID. For example:

application.properties
blueriq.security.jwt-claims.claim-mapping.TenantID=$.TenantID

Tenant header

The default HTTP header that is passed in the HTTP request is "X-TENANT-ID". It can be configured by changing the property blueriq.multi-tenancy.httpHeader. For example:

application.properties
blueriq.multi-tenancy.httpHeader=X-TENANT-ID