[keycloak-user] SSO in web and desktop application

Luis Rodríguez Fernández uo67113 at gmail.com
Fri Apr 13 11:19:43 EDT 2018 

Hello Emanuele,

You are welcome, sorry for not being more helpful.

I must to admit that I did not try openid for any of my services.

I do believe that you could drop that question on the openId support forum:
https://getsatisfaction.com/openid

Hope it helps,

Luis





2018-04-12 15:49 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato at finantix.com>:

> Hi Luis,
>
> thank you very much for your support, I really appreciate.
>
> Do you think it would be possible if we use openId instead of saml ?
> Can we share some token in order to "share" authentication among different
>  clients ?
>
> Thanks,
> Emanuele
>
>
>
>
> From:   Luis Rodríguez Fernández <uo67113 at gmail.com>
> To:     keycloak-user at lists.jboss.org
> Date:   11/04/2018 18:59
> Subject:        Re: [keycloak-user] SSO in web and desktop application
> Sent by:        keycloak-user-bounces at lists.jboss.org
>
>
>
> Hello Emanuele,
>
> Please, forget about the servlet filter, at the beginning I thought that
> the "client-server application developed in java" was not using any
> keycloak adaptor, sorry for the confusion.
>
> No, SAML does not provide a token that you can share between different
> clients.
>
> You could think about share the cookies between the browser and the
> "client-server" app, but this is a horrible hack. I would warn you to
> avoid
> this way :)
>
> Me, personally I would explore these two options:
>
> a) Dedicated browser to automatically use the windows/kerberos credentials
> of the logged user.
> b) Let the dedicated browser redirect the user to the IdP login page. Yes,
> users has to authenticate, but it will save you a lot of headache...
>
> If you are using chrome there are extensions that apparently let you share
> sessions between devices (
> https://chrome.google.com/webstore/detail/sessionbox-free-multi-log/
> megbklhjamjbcafknkgmokldgolkdfig
> ).
> You can give it a try, but me honestly, I do not like that option very
> much...
>
> Cheers,
>
> Luis
>
>
>
>
>
>
>
>
>
> 2018-04-06 18:38 GMT+02:00 Emanuele Gesuato
> <Emanuele.Gesuato at finantix.com>:
>
> > Hi Luis,
> >
> > thanks for your feedback.
> >
> > Is there any way to use some access token in order to identify the
> current
> > user ?
> >
> > let me recap.
> > I have a web application and a "desktop" application they are both
> > different but they share the same set of users and they are both in the
> > same keycloak realm.
> > When user is logged to web application I would like to trigger some
> > authentication mechanism in order to let user automatically logged when
> he
> > opens the desktop application.
> >
> > I am using keycloak 3.4.3 with tomcat7 adapter. Both the web application
> > and the server side application of the "desktop" one uses tomcat7 as
> > servlet container (but they are different instances). Of course keycloak
> > server is the same for both.
> >
> > I am not sure how  a servlet filter can help me solve this issue ... as
> I
> > am using the standard tomcat7 keycloak adapter.
> >
> > Thanks for any help,
> > Emanuele
> >
> >
> >
> >
> >
> > From:   Luis Rodríguez Fernández <uo67113 at gmail.com>
> > To:     Emanuele Gesuato <Emanuele.Gesuato at finantix.com>
> > Date:   06/04/2018 17:28
> > Subject:        Re: [keycloak-user] SSO in web and desktop application
> >
> >
> >
> > Hello Emanuele,
> >
> > OK, I see. So if I understand correctly you have "converted" your webapp
> > in a desktop application using something like this
> > https://applicationize.me/ in a dedicated browser with some
> restrictions.
> >
> > The problem here is that you are requesting the application from a
> > completely different client, it would be the same if you open an
> incognito
> > window in your browser after login in the siteA.
> >
> > I have done a quick test with one of our SAML applications and I am
> > redirected to the login page of our SSO. After authentication the app
> > works perfectly fine.
> >
> > Perhaps you could try to configure that dedicated browser to
> automatically
> > use the windows/kerberos credentials of the logged user...
> >
> > Cheers,
> >
> > Luis
> >
> > ps: the servlet filter can work in any servlet container. I am
> > successfully using it in tomcat 9 :)
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > 2018-04-06 12:38 GMT+02:00 Emanuele Gesuato
> <Emanuele.Gesuato at finantix.com
> > >:
> > sorry for my email issue
> > *****************
> >
> > Hi there,
> >
> > client-server app is a browser application where we are using the
> > keycloak-saml tomcat7 adapter.
> >
> > Your link refers to a java servlet application that doesn’t have an
> > adapter for that servlet platform.
> >
> > Am I missing something in your answer ?
> >
> > thanks,
> >
> >
> > Emanuele Gesuato
> > Software specialist
> >
> >
> > Mobile: +39 335 757 3556 | Email: emanuele.gesuato at finantix.com | skype:
> > emanuelegesuato_work
> >
> >
> > CONFIDENTIALITY NOTICE - The information contained in this communication
> > is intended solely for the use of the individual or entity to whom it is
> > addressed and others authorized to receive it. It may contain
> confidential
> > or legally privileged information. If you are not the intended recipient
> > you are hereby notified that any disclosure, copying, distribution or
> > taking any action in reliance on the contents of this information is
> > strictly prohibited and may be unlawful. If you have received this
> > communication in error, please notify us immediately by responding to
> this
> > email and then delete it from your system. Finantix is neither liable
> for
> > the proper and complete transmission of the information contained in
> this
> > communication nor for any delay in its receipt.
> >
> >
> >
> >
> > From:   Subodh Joshi <subodhcjoshi82 at gmail.com>
> > To:     Emanuele Gesuato <Emanuele.Gesuato at finantix.com>
> > Cc:     keycloak-user <keycloak-user at lists.jboss.org>
> > Date:   06/04/2018 12:11
> > Subject:        Re: [keycloak-user] SSO in web and desktop application
> > Sent by:        keycloak-user-bounces at lists.jboss.org
> >
> >
> >
> >  Emanuele Gesuato Look like some issue with your email client/server.
> >
> > On Fri, Apr 6, 2018 at 3:21 PM, Emanuele Gesuato <
> > Emanuele.Gesuato at finantix.com> wrote:
> >
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
> >
> >
> > --
> > Subodh Chandra Joshi
> > subodh1_joshi82 at yahoo.co.in
> > http://www.trendsinnews.com
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> > --
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail
> better."
> > - Samuel Beckett
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

More information about the keycloak-user mailing list