[keycloak-user] set session cookie domain?
bburke at redhat.com
Mon Oct 26 10:57:18 EDT 2015
These are browser based apps? If so, Keycloak *ALREADY* does this.
Obtaining claims is not done by cookies, but rather the SSO protocol
(OpenID Connect or SAML).
On 10/26/2015 10:21 AM, keycloak-user.myq at xoxy.net wrote:
> My goal is to have several web services (which reside at sub1.domain.com
> <http://sub1.domain.com>, sub2.domain.com <http://sub2.domain.com>,
> etc.) all redirect users to auth.domain.com <http://auth.domain.com> for
> login. When a user is logged in and visits one of the web services, the
> web service should be able to get the user's identity from a claim
> signed by the authentication service (keycloak). The only way I know of
> to do this is to pass a claim in a cookie.
> Ideally, the web service should be able to verify the identity claim
> without needing to emit an HTTP request to the auth service (by
> verifying the signature against the realm's public key).
> Is keycloak the right choice for this? and if not, do you have any
> On Mon, Oct 26, 2015 at 9:49 AM, Marek Posolda - mposolda at redhat.com
> <mailto:mposolda at redhat.com>
> <keycloak-user.myq.aa3199607d.mposolda#redhat.com at ob.0sg.net
> <mailto:keycloak-user.myq.aa3199607d.mposolda#redhat.com at ob.0sg.net>> wrote:
> This doesn't seem to be supported. Question is why you need it? All
> the cookies like KEYCLOAK_IDENTITY are set by keycloak server and
> it's just the keycloak server, which is supposed to read them.
> On 26/10/15 14:26, keycloak-user.myq at xoxy.net
> <mailto:keycloak-user.myq at xoxy.net> wrote:
>> Hello. How can I set the domain of session cookies?
>> I want to run keycloak at auth.mydomain.com
>> <http://auth.mydomain.com> and get the session cookies (for SSO)
>> at other subdomains of mydomain.com <http://mydomain.com>.
>> Browsers will allow sub.domain.com <http://sub.domain.com> to set
>> cookies for domain.com <http://domain.com>, but I can't figure out
>> how to get Keycloak to do this.
>> Thanks in advance!
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
JBoss, a division of Red Hat
More information about the keycloak-user