[keycloak-user] SSO in web and desktop application

Emanuele Gesuato Emanuele.Gesuato at finantix.com
Thu Apr 12 09:49:19 EDT 2018


Hi Luis,

Thank you very much for your support, I really appreciate it.

Do you think it would be possible if we use OpenID instead of SAML?
Can we share some token in order to "share" authentication among different
clients?

Thanks,
Emanuele




From:   Luis Rodríguez Fernández <uo67113 at gmail.com>
To:     keycloak-user at lists.jboss.org
Date:   11/04/2018 18:59
Subject:        Re: [keycloak-user] SSO in web and desktop application
Sent by:        keycloak-user-bounces at lists.jboss.org



Hello Emanuele,

Please, forget about the servlet filter, at the beginning I thought that
the "client-server application developed in java" was not using any
keycloak adaptor, sorry for the confusion.

No, SAML does not provide a token that you can share between different
clients.

You could think about sharing the cookies between the browser and the
"client-server" app, but this is a horrible hack. I would warn you to avoid
this way :)

Personally, I would explore these two options:

a) Dedicated browser to automatically use the windows/kerberos credentials
of the logged user.
b) Let the dedicated browser redirect the user to the IdP login page. Yes,
users have to authenticate, but it will save you a lot of headache...

If you are using Chrome there are extensions that apparently let you share
sessions between devices
(https://chrome.google.com/webstore/detail/sessionbox-free-multi-log/megbklhjamjbcafknkgmokldgolkdfig).
You can give it a try, but honestly, I do not like that option very
much...

Cheers,

Luis









2018-04-06 18:38 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato at finantix.com>:

> Hi Luis,
>
> thanks for your feedback.
>
> Is there any way to use some access token in order to identify the current
> user?
>
> Let me recap.
> I have a web application and a "desktop" application; they are both
> different but they share the same set of users and they are both in the
> same keycloak realm.
> When the user is logged in to the web application I would like to trigger some
> authentication mechanism so that the user is automatically logged in when he
> opens the desktop application.
>
> I am using keycloak 3.4.3 with the tomcat7 adapter. Both the web application
> and the server side application of the "desktop" one use tomcat7 as
> servlet container (but they are different instances). Of course the keycloak
> server is the same for both.
>
> I am not sure how a servlet filter can help me solve this issue ... as I
> am using the standard tomcat7 keycloak adapter.
>
> Thanks for any help,
> Emanuele
>
>
>
>
>
> From:   Luis Rodríguez Fernández <uo67113 at gmail.com>
> To:     Emanuele Gesuato <Emanuele.Gesuato at finantix.com>
> Date:   06/04/2018 17:28
> Subject:        Re: [keycloak-user] SSO in web and desktop application
>
>
>
> Hello Emanuele,
>
> OK, I see. So if I understand correctly you have "converted" your webapp
> into a desktop application using something like this
> https://applicationize.me/ in a dedicated browser with some restrictions.
>
> The problem here is that you are requesting the application from a
> completely different client; it would be the same if you opened an incognito
> window in your browser after logging in to siteA.
>
> I have done a quick test with one of our SAML applications and I am
> redirected to the login page of our SSO. After authentication the app
> works perfectly fine.
>
> Perhaps you could try to configure that dedicated browser to automatically
> use the windows/kerberos credentials of the logged user...
>
> Cheers,
>
> Luis
>
> ps: the servlet filter can work in any servlet container. I am
> successfully using it in tomcat 9 :)
>
>
>
>
>
>
>
>
>
>
>
> 2018-04-06 12:38 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato at finantix.com>:
> sorry for my email issue
> *****************
>
> Hi there,
>
> client-server app is a browser application where we are using the
> keycloak-saml tomcat7 adapter.
>
> Your link refers to a java servlet application that doesn’t have an
> adapter for that servlet platform.
>
> Am I missing something in your answer ?
>
> thanks,
>
>
> Emanuele Gesuato
> Software specialist
>
>
>
>
>
>
> From:   Subodh Joshi <subodhcjoshi82 at gmail.com>
> To:     Emanuele Gesuato <Emanuele.Gesuato at finantix.com>
> Cc:     keycloak-user <keycloak-user at lists.jboss.org>
> Date:   06/04/2018 12:11
> Subject:        Re: [keycloak-user] SSO in web and desktop application
> Sent by:        keycloak-user-bounces at lists.jboss.org
>
>
>
> Emanuele Gesuato, looks like some issue with your email client/server.
>
> On Fri, Apr 6, 2018 at 3:21 PM, Emanuele Gesuato <
> Emanuele.Gesuato at finantix.com> wrote:
>
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
>
> --
> Subodh Chandra Joshi
> subodh1_joshi82 at yahoo.co.in
> http://www.trendsinnews.com
>
>
>
>
>
>
>
>
> --
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> - Samuel Beckett
>
>
>
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett