Nexeed
    • Introduction
    • User manual
      • Basic operation
      • Getting started
      • User
      • Groups
      • Roles
      • Organizations
      • Contracts
      • Modules
      • Identity providers
        • General Settings for the Identity Provider
        • Mapper Overview
      • Reports
      • Activity log
      • My Account
        • Overview: Login Tab
      • Configuration
        • Contents of the configuration file
        • How to work with the configuration file
    • Operations manual
      • Overview
      • System Architecture and Interfaces
      • System Requirements
        • macma/macma-webapp-backend
        • macma/macma-core
        • macma/macma-keycloak-mssql
      • Migration from Previous Versions
        • Migration to 1.37+
        • Migration to 1.34+
        • Migration to 1.33+
        • Migration to 1.32+
        • Migration to 1.31+
        • Migration to 1.29+
        • Migration to 1.28+
        • Migration to 1.27+
        • Migration to 1.26+
        • Migration to 1.25+
        • Migration to 1.21+
        • Migration to 1.20+
        • Migration to 1.19+
        • Migration to 1.18+
        • Migration to 1.17+
        • Migration to 1.16.0
        • Migration to 1.15.0
      • Setup and Configuration
        • Helm Configuration
        • macma/macma-core Configuration
        • macma/macma-keycloak-mssql Configuration
        • macma/macma-webapp-backend Configuration
        • Installation guide
        • Identity provider integration
        • Optional Configuration
        • Recommendations
        • Module Health Verification Endpoints and K8S Probes
      • Start and Shutdown
      • Regular Operations
        • Registering a new application in MACMA
          • Allowing application to use other applications
        • Change client secret of an application
      • Logging and Monitoring
        • Required Monitoring
        • Security Logging
          • Macma Security Events
          • Keycloak Security Events
          • Security Logging Format
        • Activity Logging
          • Activity Log Events
      • Known Limitations
        • Performance
        • General
        • Allowed characters and Internationalization
    • Developer documentation
      • Concepts
        • Authentication
        • Authorization
        • Resources
        • Roles
        • Sharing
      • Getting started
        • Registration
        • Authentication
        • Authorization
        • Multitenancy
      • How-to
        • Get & handle tokens
        • OAuth 2.0 for Mobile and Native Apps
        • Evolve authorization in your application lifecycle
        • Use Web Core for user login
        • Handle our integration events
        • Frequent How-To Questions for Application Developers
        • Do automated testing
        • Advertise things to colleagues
        • Integrate with additional environments
      • Deep dives
        • OAuth2 and its flows
        • OpenID Connect endpoints
    • Troubleshooting
      • Startup and availability
      • Identity provider integration
      • Resource deletion
      • Authentication
      • Authorization
    • API documentation
      • HTTP API
      • Event API
    • Glossary
Multitenant Access Control
  • Industrial Application System
  • Core Services
    • Block Management
    • Deviation Processor
    • ID Builder
    • Multitenant Access Control
    • Notification Service
    • Ticket Management
    • Web Portal
  • Shopfloor Management
    • Andon Live
    • Global Production Overview
    • KPI Reporting
    • Operational Routines
    • Shift Book
    • Shopfloor Management Administration
  • Product & Quality
    • Product Setup Management
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
    • Order Management
    • Packaging Control
    • Rework Control
  • Intralogistics
    • AGV Control Center
    • Stock Management
    • Transport Management
  • Machine & Equipment
    • Condition Monitoring
    • Device Portal
    • Maintenance Management
    • Tool Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • Data Publisher
    • Direct Data Link
    • Engineering UI
    • ERP Connectivity
    • Gateway
    • Information Router
    • Master Data Management
    • Orchestrator

Nexeed Learning Portal
  • Multitenant Access Control
  • Operations manual
  • System Requirements
  • macma/macma-keycloak-mssql
1.37.1 1.37.0

macma/macma-keycloak-mssql

Resource Requests and Limits

Resource

Request

Limit

CPU (in millicpu)

500

2000

Memory (in MiB)

2048

4096

Local File Storage (in MB)

900

1500

Required infrastructure services

Databases

Either of

Oracle DB / 19c / Enterprise Edition

Supported Versions

19c

Extensions

Character set (strongly recommended) (AL32UTF8)
National Character set (required) AL16UTF16)

DBs / Schemas / Users

schema and user are configurable (schema needs to be default for user)

Required Privileges

An oracle user with the privileges "NEXEED_BASIC_ROLE" and "NEXEED_EXTENDED_ROLE" as described in the Nexeed IAS Operations Manual is required

Relative Capacity

depending on amount of tenants, users, applications and resources managed

Microsoft SQL Server 2016/2017/2019, Azure SQL

(only with MS JDBC driver, not jtds)

Supported Versions

  • 2016

  • 2017

  • 2019

Database Settings

To reduce the amount of potential deadlocks the following settings must be enabled for keycloak database to have Read Committed Snapshot Isolation (RCSI):

ALTER DATABASE [keycloak] SET ALLOW_SNAPSHOT_ISOLATION ON
ALTER DATABASE [keycloak] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT

Azure SQL already has these settings enabled by default.

The READ_COMMITTED_SNAPSHOT setting can only be applied if not other connections to the database exist. There are various options to enforce that:

  • limit database to mode RESTRICTED_USER (rather than SINGLE_USER) temporarily before reverting to MULTI_USER using:

    ALTER DATABASE [master-data-database] SET <mode> WITH ROLLBACK AFTER 30 SECONDS

  • shut down all applications;

  • add WITH ROLLBACK IMMEDIATE instead of WITH NO_WAIT to force a rollback of all active transactions;

  • use database failover to replicas to reconfigure them one by one.
Database Collation

SQL_Latin1_General_CP1_CI_AS

DBs / Schemas / Users

schema and user are configurable (schema needs to be default for user)

Required Privileges

Full access to manage objects and data within the schema DDL + DML.

Relative Capacity

depending on amount of tenants, users, applications and resources managed

Messaging

None needed.

Required resources

Resources Comments

Certificates

Certificates required for outgoing connections can be configured via the environment variable USE_SYSTEM_CA_CERTS (see macma/macma-keycloak-mssql Configuration for more information)

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses