Apisix with multiple realms

[JonasDaWi]

I have setup keycloak with multiple realms.
My question is: how do I enable jwt validation for multiple realms for a service behind apisix?

E.g.: Client1 gets a token from keycloak in the tenant1 realm, client2 gets a token in the tenant2 realm.
Both clients should be able to access a service behind apisix but no one outside of the realm "tenant1" and "tenant2". Is that possible with apisix? I haven't found something in the documentation.

Thanks in advance!

[moonming]

@starsz please take a look, thx

[starsz]

Hi @JonasDaWi.Now Apache APISIX doesn't support config multiple realms on the route. Maybe you should create more than one route and configure the different keycloak realms. And distinguish them by "host" or "URI"

E.g:
Create route1 with tenant1 realm and hostA. Create route2 with tenant2 realm and hostB.
They have the same upstream. Then you can use Client1 with hostA to access the service, and use Client2 with hostB to access the service.Can this help you?