[keycloak-user] SSO amongst two realms
Marek Posolda
mposolda at redhat.com
Thu Feb 25 02:25:20 EST 2016
It's possible to achieve something like this with identity provider. You
can create identityProvider in realm2, which will authenticate against
realm1. In that case, there will be button in login screen of realm2
like "Login with realm1" and when user clicks on this, he will be
logged-in automatically. There is also possibility to use switch
"Authenticate by default" in identity provider and then login screen of
realm2 won't be shown, but instead it will always automatically redirect
to realm1 login screen.
The thing is, that you will end with duplicated user accounts (Account
of user "john" will be in both realm1 and realm2). AFAIK we plan to
improve this in the future to have this use-case more "friendly" as more
people ask about that.
Marek
On 25/02/16 01:39, Sarp Kaya wrote:
> Hi,
>
> I want to know whether it is possible to have SSO amongst two realms.
> Ie User 1 logins to an app1 that auths against realm1, then user 1
> tries to use app2 which auths against realm2 which should work fine as
> user 1 logged into realm1 before and it should SSO into app2 fine.
>
> If this is possible then what would be the setup like?
>
> Kind Regards,
> Sarp
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160225/36413622/attachment-0001.html
More information about the keycloak-user
mailing list