[keycloak-user] User Federation
Stan Silvert
ssilvert at redhat.com
Fri Jan 18 08:18:34 EST 2019
Yes, one realm can point to another realm for federation.
Realm A uses Realm B for authentication.
Set up an identity provider in Realm A. If you want Realm B to handle
all logins for Realm A, got to Authentication and set the Identity
Provider Redirector to the identity provider you just created.
In Realm B, create an openid-connect client for your application. Copy
and paste the Client ID and Client Secret from Realm B into the identity
provider in Realm A.
At first login, the users from Realm B will be created in Realm A. I'm
not sure if this will solve your use case concerning permissions, but it
gives you something to play around with.
On 1/18/2019 6:11 AM, James Pridmore wrote:
> Hi all,
>
> I wonder if anyone could help me. I'm trying to set up a realm with user federation. I'd like that realm to point to another realm within the same instance of Keycloak.
>
> Is this possible and if so, how do I go about it?
>
> The reason for this is we have one application supporting different contracts, users have different permissions in different contracts. We think we can achieve this by setting up 1 client over multiple realms and using one set of users in all those realms but with different permissions in each realm.
>
> Any advice is much appreciated.
>
> Kind regards,
>
> James
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list