[keycloak-user] SSO amongst two realms

Stian Thorgersen sthorger at redhat.com
Fri Apr 8 01:05:59 EDT 2016 

Can you elaborate on how you imagine "fallback to the local realm" would
work?

On 7 April 2016 at 21:59, Jason Axley <jaxley at expedia.com> wrote:

> Could you possibly support “Authenticate by default” with a “fallback to
> the local realm”?  It would be nice to have certain users attached to a
> particular realm realm1 but have Keycloak internally attempt to
> authenticate first against another realm so you can get the effect of a
> union of the users across the two realms.  The user experience with the
> federation buttons as an alternative makes this configuration complexity
> exposed to the user and I’d prefer to not have to do that.
>
> -Jason
>
> From: <keycloak-user-bounces at lists.jboss.org> on behalf of Marek Posolda <
> mposolda at redhat.com>
> Date: Wednesday, February 24, 2016 at 11:25 PM
> To: Sarp Kaya <akaya at expedia.com>, "keycloak-user at lists.jboss.org" <
> keycloak-user at lists.jboss.org>
> Subject: Re: [keycloak-user] SSO amongst two realms
>
> It's possible to achieve something like this with identity provider. You
> can create identityProvider in realm2, which will authenticate against
> realm1. In that case, there will be button in login screen of realm2 like
> "Login with realm1" and when user clicks on this, he will be logged-in
> automatically. There is also possibility to use switch "Authenticate by
> default" in identity provider and then login screen of realm2 won't be
> shown, but instead it will always automatically redirect to realm1 login
> screen.
>
> The thing is, that you will end with duplicated user accounts (Account of
> user "john" will be in both realm1 and realm2). AFAIK we plan to improve
> this in the future to have this use-case more "friendly" as more people ask
> about that.
>
> Marek
>
> On 25/02/16 01:39, Sarp Kaya wrote:
>
> Hi,
>
> I want to know whether it is possible to have SSO amongst two realms. Ie
> User 1 logins to an app1 that auths against realm1, then user 1 tries to
> use app2 which auths against realm2 which should work fine as user 1 logged
> into realm1 before and it should SSO into app2 fine.
>
> If this is possible then what would be the setup like?
>
> Kind Regards,
> Sarp
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160408/aa8b619e/attachment-0001.html

More information about the keycloak-user mailing list