Stream: ibm
Topic: multi-tenancy
Paul Bastide (Mar 02 2020 at 16:59):
I just opened https://github.com/IBM/FHIR/issues/744 IBM FHIR Server - DB2 Multitenancy Guide #744 ... if there are specifics people want added to the multitenancy guide beyond what I included, feel free to add as comments
Batuhan Bulut (Dec 18 2021 at 22:03):
I want to use multi-tenancy feature of ibm fhir server, but defining a static issuer in mpJWT config prevents me to use different realms in keycloak. what is the best practice of resolving that. could you point me to a direction? I couldn't find anything about this specific problem in docs.
Lee Surprenant (Dec 20 2021 at 14:39):
Hi Batuhan. We havn't actually addressed this in our server implementation to date.
If you can validate the JWTs in FRONT of the fhir server (e.g. via an API Gateway), thats probably the best way to avoid running a server-per-tenant. You can still use our fhir-smart module for the authorization.
Alternatively, you could fork our fhir-smart module and do the JWT validation there instead, but we prefer doing that up front to avoid any additional processing on the server from unauthenticated users.
There may be a way to do it via liberty config as well but I havn't ever done it...let us know if you do :-)
Sreenivas Dunna (Jan 20 2022 at 10:01):
Can we run IBM FHIR server as Single instance with multi tenant?
Lee Surprenant (Jan 20 2022 at 13:23):
yes. the limitation described above is about configuring JWT validation. i suggested two different workarounds for addressing that limitation in order to have a single server instance.
Last updated: Apr 12 2022 at 19:14 UTC
