[keycloak-user] Multi realms approach

Michael Liebe Michael.Liebe at ist.com
Sat Sep 30 02:55:18 EDT 2017


Hi,

We have a similar setup and achieve cross-realm authentication through an extra IdP instance (which is actually a requirement for us because the IdPs are owned by the customers). This of course adds administrative overhead.

Realm selection is in our case done by setting a specific header on the reverse proxy. The realm name is derived from the request URL. Accordingly, we implemented a custom KeycloakConfigResolver that reads the realm name from the header.

I hope this helps,
Michael


 

On 2017-09-27, 14:14, "keycloak-user-bounces at lists.jboss.org on behalf of Matthias ANGLADE" <keycloak-user-bounces at lists.jboss.org on behalf of manglade at nextoo.fr> wrote:

    Hi,
    
    I'm currently working on a project with specific requirements. Actually
    what we are trying to do is to setup a Keycloak in order to protect several
    applications. Each of these applications will potentially have their own
    set of webapps and micro-services. What we intended to do is to declare a
    realm per app (and each component of the app would be a client within its
    own realm).
    
    We need to setup some cross-realm features such as realm selection,
    multi-realm authentication (i.e. not being forced to re-login when switching
    from one realm to another).
    
    I'm looking for advice or feedback in implementing such a case. Would you
    have any?
    
    Yours,
    _______________________________________________
    keycloak-user mailing list
    keycloak-user at lists.jboss.org
    https://lists.jboss.org/mailman/listinfo/keycloak-user
    



