[keycloak-user] Sending the user to the login page without the realm
Stian Thorgersen
stian at redhat.com
Mon Jan 26 02:03:55 EST 2015
----- Original Message -----
> From: "Juraci Paixão Kröhling" <juraci at kroehling.de>
> To: keycloak-user at lists.jboss.org
> Sent: Friday, January 23, 2015 7:01:38 PM
> Subject: [keycloak-user] Sending the user to the login page without the realm
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> I think I've seen something similar here on the list, but I can't find
> the thread. So, I apologize in advance.
>
> I'm doing the integration with an application that is multi tenant,
> so, before sending the user to Keycloak for the authentication, I
> present a screen to the user to select his realm on the single-page
> HTML5 application. This is obviously not optimal for several reasons :-)
>
> I was then wondering if it would possible/desirable to have Keycloak
> to determine the realm of the user based on his login/email address.
> When doing the redirect to the single-page app, Keycloak would then
> also send, for instance, the URL for the application to load the
> keycloak.json file for that realm.
>
> Is this something that would be worth pursuing?
I can't see this being a common use-case and it would require a fair amount of logic.
Exactly what are the requirements around your multi-tenancy app? An alternative approach could be to use identity brokering, which is available in master atm. It may need some additional capabilities to fill your needs, but basically it's allows your app to talk to a single realm, while Keycloak brokers to other realms, even to remote servers.
>
> - - Juca.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJUwoyCAAoJEDnJtskdmzLMHhYH/3hii2OFSZsq4CXCL/Vo6+hp
> dR1p/UvoeNVquu0L1Lv4JZ34+tP/0r7Zh24kBFCglPJjxMdjozP5PCNAz9gW9vCW
> wr2HnUlwMmLT22mWF9YXsFgt0TPwl/ztDQOWFWnQgzqZRILG6rSC/RqeF1tN/VRU
> aIZGXUH+9t2nIe5g0jsYj9FdzkJy0iDVlPhSgUqR6mbsSCOSyb+r91VoVXXS62vh
> dSezepypdstIzxuf/+2PmVxi63+X7kFVO9jy+SNgIMsih8zqsokGuIik5s+jbaZP
> HhW2oR0NbiM2ch9C32V6M4/dDqhHlYpZkizHkjFZ2jZi4VBS28bfPG/9k7V3xG0=
> =UCsV
> -----END PGP SIGNATURE-----
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list