[keycloak-user] Brokering tenant SSO (instead of social SSO)

Peter K. Boucher pkboucher801 at gmail.com
Mon Jun 26 10:07:17 EDT 2017


We have an app that is multi-tenanted (the app is provisioned in a realm per
tenant, with some code that knows which keycloak.json to load for the
appropriate realm).

 

We want to support SSO from the tenants using SAML. Ideally, the tenant's
user would be logged into their own intranet, and from there, they would
click on a link and end up logged into our app without having to see any
login page or SSO provider selection page.

 

We were thinking that one way this could be done would be to shortcut steps
3 and 4 in the diagram at
https://keycloak.gitbooks.io/documentation/server_admin/topics/identity-broker/overview.html
(maybe by writing javascript code in the page to
automatically select the tenant appropriate for the current realm and submit
it in order to carry out the rest of the SSO without asking the user to click
on anything).

 

Is there a way to do this without kludging javascript into the SSO provider
selection page?

 

Thanks!

 

Regards,

Peter K. Boucher

 


