[keycloak-user] Keycloak and 3 clients

Thomas Darimont thomas.darimont at googlemail.com
Mon Mar 20 16:22:02 EDT 2017


Hello Marc,

I think the following setup will suit your requirement (assuming all 3 apps
are web apps):

Create a confidential client for each of the 3 apps in the same realm.
Treat 1 app as "manager" app. The other apps are "workers".
Secure each app with an appropriate Keycloak adapter and configure an
appropriate Admin URL for the client such that Keycloak can propagate
logouts to them.

In the "manager" app, use the default Keycloak logout of your adapter
functionality when a user clicks on logout.
However, in the worker app only kill the current HTTP session
of the app on "logout" and release app-local resources, then redirect to
some kind of central launch pad, potentially part of the "manager" app.

If a user now clicks on an application icon on the launch pad, he
will be sent to the app without having to log in.

If a user performs a logout from the manager app, the real logout
will be performed. If the user then tries to access an app, he has to log in
again.

This "pseudo" logout still releases some resources and gives the users
the "impression" that they did their job of logging out every time.
This helps to deal with users who are used to working with non-integrated
web apps but still don't want to log in every time...

Cheers,
Thomas

2017-03-20 19:45 GMT+01:00 Marek Posolda <mposolda at redhat.com>:

> Hi,
>
> not sure I understand your use-case properly. Also not sure how much
> sense it makes, as login is always SSO and logout is always
> single-sign-out. Maybe there is a possibility to do this with our
> "identity providers" and have 2 Keycloak realms where 1 realm will be
> the provider and the second realm the consumer. There are some
> disadvantages of this approach (e.g. duplicated users), but maybe you
> can achieve what you want with this.
>
> Marek
>
> On 20/03/17 16:02, Marc Tempelmeier wrote:
> > Hi,
> >
> > I'm new to Keycloak and have the lucky possibility to play around with it here at my new company.
> > Unlucky is I'm the only person who plays around with it at the moment.
> >
> > So I have to make it possible that we have 3 services connected with Keycloak. But just one of them should have the users in the same realm but the users shouldn't be logged out.
> >
> > To recap:
> >
> > Keycloak with 3 clients, logout should log out only 2, but login should occur for all 3.
> >
> > Can you give me a gist how to solve that?
> >
> > Best regards
> >
> > Marc
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
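
The manager/worker logout split described in the message at the top of this thread, sketched as two servlet logout handlers. This is an added example, not code from the thread or from the Keycloak project. It assumes the servlet-container Keycloak adapter with its default HTTP-session token store; the class names and `LAUNCH_PAD_URL` are hypothetical placeholders.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added illustration; class names and LAUNCH_PAD_URL are hypothetical.
// Map each servlet to the app's logout path (web.xml or @WebServlet).
public class LogoutHandlers {

    // Placeholder for the central launch pad served by the "manager" app.
    static final String LAUNCH_PAD_URL = "https://manager.example.org/launchpad";

    /** "Worker" app: pseudo logout, the Keycloak SSO session is left alone. */
    public static class WorkerLogoutServlet extends HttpServlet {
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            // Drop only this app's HTTP session and whatever it holds
            // (with the adapter's session token store, the tokens too).
            HttpSession session = req.getSession(false);
            if (session != null) {
                session.invalidate();
            }
            // The next visit to this app goes through Keycloak again and
            // succeeds silently while the SSO session is still alive.
            resp.sendRedirect(LAUNCH_PAD_URL);
        }
    }

    /** "Manager" app: real logout that ends the SSO session. */
    public static class ManagerLogoutServlet extends HttpServlet {
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            // Assumption: the adapter hooks HttpServletRequest.logout() so
            // Keycloak ends the session and notifies each client's Admin URL.
            req.logout();
            HttpSession session = req.getSession(false);
            if (session != null) {
                session.invalidate();
            }
            resp.sendRedirect(LAUNCH_PAD_URL);
        }
    }
}
```

Both handlers accept POST only, so a plain link or image request cannot trigger a logout. After a worker "logout" the Keycloak SSO session is still valid, so the same browser can reopen any worker app without credentials until the manager logout runs or the SSO session times out.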

