[keycloak-user] SSO in web and desktop application
Emanuele Gesuato
Emanuele.Gesuato at finantix.com
Thu Apr 5 13:14:03 EDT 2018
Hi Subodh,
it is what I thought but it looks like rest api are available only for
open-id not for saml protocol.
To retrieve access-token I need to enable access-type as "public" or
"confidential" but it is an option available only for open-id clients.
When I try to run
curl -d "client_id=admin_client" -d "username=admin" -d
"password=password" -d "grant_type=password" "
http://<host>:<port>/auth/realms/master/protocol/openid-connect/token"
I got error ( "admin_client" is a saml client):
{"error":"unauthorized_client","error_description":"Client secret not
provided in request"}
but:
1. access type can be changed as "public" or "confidential" only for
openId clients.
2. client secret cannot be generated for saml clients.
Am I missing something ?
many thanks for any help,
Emanuele
From: Subodh Joshi <subodhcjoshi82 at gmail.com>
To: Emanuele Gesuato <Emanuele.Gesuato at finantix.com>
Cc: keycloak-user <keycloak-user at lists.jboss.org>
Date: 05/04/2018 17:35
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces at lists.jboss.org
I don't know if I can understand it clearly but is this not possible
through keycloak rest-api ?
On Thu, 5 Apr 2018, 19:38 Emanuele Gesuato,
<Emanuele.Gesuato at finantix.com>
wrote:
> Sorry for previous messages, not sure what happened
> ******
> Hi everyone,
>
> we are using the tomcat 7 adapter of keycloak 3.4.3 (SAML). We managed
> also to install the server side part and to integrate the keycloak with
an
> our web application. Now when user access to siteA he is correctly
> redirected to keycloak login page and after login he is redirected to
the
> application itself. It is working fine.
>
> Problem is the following. We are not trying to integrate SSO in the
> following way:
> 1. User opens browser and goes to our siteA
> 2. User correctly logins
> 3. In user desktop there is an our client-server application developed
in
> java and our goal is to have the user logged in automatically because we
> are sharing same set of users. Moreover, siteA and the server side
> application are different clients in the same realm.
>
> The client-server application is basically a webapplication, where the
> client part is a "custom" browser that restricts the user to do only
some
> operations. The browser widget is a custom one but we can change if
> required.
>
> Is it possible to do such thing ? How ?
>
> I think we need to "share" something between the request of siteA and
the
> application itself.
> I tried to share the JSESSIONID but it was not working; after
> investigation I found that JSESSIONID is not useful for my purpose.
>
> I hope to have explained clearly my issue,
> thanks for any help
>
>
>
> From: "Emanuele Gesuato" <Emanuele.Gesuato at finantix.com>
> To: keycloak-user at lists.jboss.org
> Date: 05/04/2018 15:58
> Subject: Re: [keycloak-user] SSO in web and desktop application
> Sent by: keycloak-user-bounces at lists.jboss.org
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list