[keycloak-user] How can I use Keycloak to support my architecture?

Dmitry Telegin dt at acutus.pro
Mon Nov 12 01:15:23 EST 2018


Hi Ola,

Just my 2¢: are your App1/App2 classic web applications, or are they SPAs using REST APIs and token bearer authorization?

AFAIK the second scenario doesn't mandate that you register your apps as clients. You can simply reuse tokens issued for another application, in your case App3.

But if those are classical webapps and you want to Keycloak-enable them, then you will need to register them, because Keycloak's interactive authentication is client-based.

Either way, I'd recommend that you register your apps with Keycloak, because it will give you other benefits beyond SSO, like using custom flows per client, manipulating token claims, using authorization services, etc.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Wed, 2018-11-07 at 13:53 +0530, ola rob wrote:
> Hi,
> 
> I need some help in securing my applications with Keycloak:
> 
> I have a couple of Grails applications (App1 and App2) using Spring Security.
> However, currently I am using the Keycloak REST API to authenticate users by
> passing username and password and receiving a token without registering these
> applications as clients in Keycloak.  But this approach seems to be
> inefficient when we want to support SSO, Kerberos and a lot of other powerful
> features that Keycloak offers.
> So I came up with the below approach to support SSO/Kerberos but wanted to
> know if Keycloak can solve our problem.
> 
> "Create a new Spring Boot master application (App3) and register it with
> Keycloak and redirect the login page to Keycloak. Once login is successful,
> use the token that Keycloak provides and pass it on to App1 and App2 and
> tweak my existing code flow to handle this. Can this be possible because I
> am not registering/creating any clients for App1 and App2 in Keycloak here
> but only creating one for App3, which is the master application, and using the
> access token? Is it mandatory to register/create all clients in Keycloak to
> support SSO?"
> 
> Any help would be highly appreciated.
> 
> Thanks in advance!


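The token reuse discussed in this thread, as an added example that is not part of the original messages: how an unregistered API such as App1 could vet a bearer token that Keycloak issued to the App3 client before trusting it. The realm URL, the client id `app3`, and the `signToken`/`checkBearer` helpers are assumptions made for illustration; `signToken` only stands in for Keycloak so the check can be exercised offline.

```javascript
// Added example, not from the thread. Realm URL and client ids are assumptions.
const crypto = require('node:crypto');

const ISSUER = 'https://sso.example.test/realms/demo'; // hypothetical realm URL
const TRUSTED_CLIENTS = new Set(['app3']); // clients whose tokens App1 accepts
const b64u = (v) => Buffer.from(v).toString('base64url');

// Stand-in for Keycloak: builds a constructed RS256 token for the demo.
function signToken(claims, privateKey) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const input = `${head}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// App1 side. Returns { ok: true, claims } or { ok: false, reason }.
function checkBearer(token, realmPublicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; the token must not be allowed to choose it.
  if (!header || header.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const valid = crypto.verify(
    'RSA-SHA256',
    Buffer.from(`${parts[0]}.${parts[1]}`),
    realmPublicKey,
    Buffer.from(parts[2], 'base64url'),
  );
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (!claims || claims.iss !== ISSUER) return { ok: false, reason: 'wrong issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  // azp (authorized party) names the client the token was issued to. Without
  // this check, a token minted for any client in the realm would be accepted.
  if (!TRUSTED_CLIENTS.has(claims.azp)) return { ok: false, reason: 'untrusted client' };
  return { ok: true, claims };
}
```

In a deployment the realm's public key would come from the realm's published signing keys rather than a locally generated pair.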