- ABP Framework version: v8.3.3
- UI Type: MVC
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
-
- Currently I have my server using the ABP framework, which is not tiered (no separate auth server and API host)
- I am able to configure multitenancy using *.myproduct.com
- But now I want to move to a tiered architecture and I'm confused about handling multi-tenancy. And how should the tenant URL be formatted?
Should I take three different certificates like *.apimyproduct.com, *.authmyproduct.com etc.?
Can you help us with what should be the preferred way to host the applications in the multi-tenant context?
5 Answer(s)
-
0
hi
> Should I take three different certificates like *.apimyproduct.com, *.authmyproduct.com etc.?

HTTPS certificate supports wildcard. You can use one certificate for multiple domains.
e.g.: https://github.com/abpframework/abp-samples/tree/master/DomainTenantResolver
-
0
I have configured the wildcard, i.e. *.xyz.com, on my server as follows:
API Host - api.xyz.com
AuthServer - auth.xyz.com
WebServer - web.xyz.com
I have observed two issues here:
- When I add a tenant, let's say 'test1', I couldn't log in to test1.web.xyz.com as the openid client credentials are not created in the tenant, so it is redirecting to auth.xyz.com rather than t1.auth.xyz.com
- Also, when I open t1.web.xyz.com it shows an invalid certificate, but it shows a valid certificate for web.xyx.com
-
0
hi
> openid client credentials are not created in the tenant

The openiddict application/client should always be stored in the Host database.

> showing invalid certificate but it is showing as valid certificate for web.xyx.com

Your HTTPS certification should contain the *.web.xyx.com.
acme.sh --issue --dns dns_cf -d getabp.net -d '*.getabp.net' -d '*.api.getabp.net' -d '*.ids.getabp.net' -d '*.ng.getabp.net' -d '*.web.getabp.net'
-
0
hi
> openid client credentials are not created in the tenant
> The openiddict application/client should always be stored in the Host database.

Tomorrow if I create a tenant for a customer, should I not give the tenant admin the provision to add openid applications/clients?

> showing invalid certificate but it is showing as valid certificate for web.xyx.com
> Your HTTPS certification should contain the *.web.xyx.com.

Rather than having multilevel subdomains, if I use three certificates for api, authserver and web and create a tenant test, will abp support test.api.com -> test.authserver.com -> test.web.com tenant resolution?

> acme.sh --issue --dns dns_cf -d getabp.net -d '*.getabp.net' -d '*.api.getabp.net' -d '*.ids.getabp.net' -d '*.ng.getabp.net' -d '*.web.getabp.net'
-
0
hi
> Tomorrow if I create a tenant for a customer, should I not give the tenant admin the provision to add openid applications/clients?

The tenant usually doesn't need to maintain the OAuth2 applications/clients. This is the default design.

> Rather than having multilevel subdomains, if I use three certificates for api, authserver and web and create a tenant test, will abp support test.api.com -> test.authserver.com -> test.web.com tenant resolution?

The HTTPS certificates are unrelated to abp. The abp framework supports resolving the tenant from the URL.
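
The certificate warning reported in this thread follows from the wildcard matching rule: a `*` in a certificate name stands for exactly one DNS label, so `*.xyz.com` covers web.xyz.com but not t1.web.xyz.com. The check below is an added example, not code from the thread or from ABP; the function names are hypothetical and the host lists are constructed from the domain layout described in the posts.

```python
# Added example: which tenant hostnames does a certificate's SAN list cover?
# Rule applied (RFC 6125 / browser behaviour): "*" is honoured only as the
# whole left-most label and it matches exactly one label.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # the wildcard needs a non-empty label; all other labels must be equal
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(sans, hostnames):
    """Hostnames not covered by any SAN entry, in input order."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


def required_wildcards(hostnames, apps):
    """Wildcard SANs needed for tenant hosts shaped like <tenant>.<app host>."""
    needed = []
    for host in hostnames:
        parent = host.split(".", 1)[1]  # drop the tenant label
        if parent in apps and "*." + parent not in needed:
            needed.append("*." + parent)
    return needed


# Constructed sample data based on the layout in the thread.
APPS = ["api.xyz.com", "auth.xyz.com", "web.xyz.com"]
SINGLE_WILDCARD = ["xyz.com", "*.xyz.com"]
TENANT_HOSTS = ["t1.web.xyz.com", "t1.auth.xyz.com", "t1.api.xyz.com"]

if __name__ == "__main__":
    print("app hosts not covered:", uncovered(SINGLE_WILDCARD, APPS))
    print("tenant hosts not covered:", uncovered(SINGLE_WILDCARD, TENANT_HOSTS))
    fixed = SINGLE_WILDCARD + required_wildcards(TENANT_HOSTS, APPS)
    print("SAN list to request:", fixed)
    print("still not covered:", uncovered(fixed, TENANT_HOSTS))
```

The list returned by `required_wildcards` corresponds to the extra `-d '*.web…'`, `-d '*.api…'` style entries in the acme.sh command quoted above.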