<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 18 December 2015 at 09:44, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF"><span class="">
    <div>On 18/12/15 09:39, Stian Thorgersen
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr"><br>
        <div class="gmail_extra"><br>
          <div class="gmail_quote">On 18 December 2015 at 09:35, Marek
            Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div text="#000000" bgcolor="#FFFFFF"><span>
                  <div>On 18/12/15 08:23, Stian Thorgersen wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">The best solution to that is either
                      the ability to share users between realms or more
                      likely the ability to define a SSO group within a
                      realm. Each SSO group would have independent SSO
                      sessions and could also have separate themes
                      associated with it. It&#39;s not something we have
                      resources for right now though. <br>
                    </div>
                  </blockquote>
                </span> I wonder if we can have something like
                &quot;different-realm-user-federation-provider&quot; ? We had
                something like this in the early days of Keycloak.<br>
                <br>
                For example, if you have 2 realms &quot;blueRealm&quot; and
                &quot;greenRealm&quot; . The greenRealm will have defined
                federation provider, which will delegate retrieving
                users to blueRealm. Then all applications configured
                against greenRealm will see green login screen, but they
                will be able to authenticate with users+passwords from
                blueRealm. <br>
              </div>
            </blockquote>
            <div><br>
            </div>
            <div>That&#39;s not very elegant at least not ATM as we would
              end up duplicating the users in the DB.</div>
          </div>
        </div>
      </div>
    </blockquote></span>
    Yeah. Once we address in-memory federation, it&#39;s going to be better
    though. Might be easier then introduce brand new concept of SSO
    groups within realm.</div></blockquote><div><br></div><div>I think SSO groups would be useful. User federation doesn&#39;t allow sharing anything besides users. You may for instance have a bunch of services and a a few internal apps, but one external app. You&#39;d like the external app to be able to call services, but not be part of the internal SSO.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><span class="HOEnZb"><font color="#888888"><br>
    <br>
    Marek</font></span><div><div class="h5"><br>
    <blockquote type="cite">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">
            <div> </div>
            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div text="#000000" bgcolor="#FFFFFF"><span><font color="#888888"> <br>
                    Marek</font></span>
                <div>
                  <div><br>
                    <br>
                    <blockquote type="cite">
                      <div dir="ltr">
                        <div><br>
                        </div>
                        <div>Simply displaying a different theme
                          per-client just doesn&#39;t make any sense at all.
                          Users log-in to a SSO realm, not an individual
                          client. So I&#39;m against adding something like
                          that unless we add the ability to log-in to
                          clients or groups of clients individually.</div>
                      </div>
                      <div class="gmail_extra"><br>
                        <div class="gmail_quote">On 18 December 2015 at
                          03:08, Raghuram Prabhala <span dir="ltr">&lt;<a href="mailto:prabhalar@yahoo.com" target="_blank"></a><a href="mailto:prabhalar@yahoo.com" target="_blank">prabhalar@yahoo.com</a>&gt;</span>
                          wrote:<br>
                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                            <div>
                              <div style="color:#000;background-color:#fff;font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:13px">
                                <div>Pe</div>
                                <br>
                                <div>It depends upon the application
                                  that the user accesses. We have
                                  several scenarios where the same set
                                  of users login to different
                                  applications in different divisions,
                                  some internet facing that have a
                                  totally different look from our
                                  intranet ones and it also depends upon
                                  whether the applications look for
                                  multi factor authentication as well.</div>
                                <div><br>
                                </div>
                                <div>This is a very common scenario - We
                                  typically have different themes
                                  presented to the users based on what
                                  the client applications request
                                  (different themes can be requested
                                  utilizing different http parameters)</div>
                                <div><br>
                                </div>
                                <div dir="ltr">Perhaps we can define
                                  different realms for different themes
                                  but it becomes very cumbersome<br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                  <br>
                                </div>
                                <div style="display:block">
                                  <div style="font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:13px">
                                    <div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
                                      <div dir="ltr"> <font face="Arial" size="2"><span>
                                            <hr size="1"> <b><span style="font-weight:bold">From:</span></b>
                                            Stian Thorgersen &lt;<a href="mailto:sthorger@redhat.com" target="_blank"></a><a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt;<br>
                                          </span><b><span style="font-weight:bold">To:</span></b>
                                          Raghuram Prabhala &lt;<a href="mailto:prabhalar@yahoo.com" target="_blank"></a><a href="mailto:prabhalar@yahoo.com" target="_blank">prabhalar@yahoo.com</a>&gt;

                                          <br>
                                          <b><span style="font-weight:bold">Cc:</span></b>
                                          Revanth Ayalasomayajula &lt;<a href="mailto:revanth@arvindinternet.com" target="_blank"></a><a href="mailto:revanth@arvindinternet.com" target="_blank">revanth@arvindinternet.com</a>&gt;;

                                          keycloak-user &lt;<a href="mailto:keycloak-user@lists.jboss.org" target="_blank"></a><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&gt;<br>
                                          <b><span style="font-weight:bold">Sent:</span></b>
                                          Thursday, December 17, 2015
                                          9:28 AM
                                          <div>
                                            <div><br>
                                              <b><span style="font-weight:bold">Subject:</span></b>
                                              Re: [keycloak-user]
                                              Different theme for each
                                              client<br>
                                            </div>
                                          </div>
                                        </font> </div>
                                      <div>
                                        <div>
                                          <div><br>
                                            <div>
                                              <div>
                                                <div dir="ltr"><br clear="none">
                                                  <div><br clear="none">
                                                    <div>On 17 December
                                                      2015 at 14:44,
                                                      Raghuram Prabhala
                                                      <span dir="ltr">&lt;<a href="mailto:prabhalar@yahoo.com" target="_blank"></a><a href="mailto:prabhalar@yahoo.com" target="_blank">prabhalar@yahoo.com</a>&gt;</span>
                                                      wrote:<br clear="none">
                                                      <blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                        <div>
                                                          <div style="color:#000;background-color:#fff;font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:13px">
                                                          <div dir="ltr"><span>Stian
                                                          - Even we have
                                                          a similar
                                                          requirement of
                                                          having
                                                          different
                                                          themes, but
                                                          for different
                                                          divisions
                                                          within the
                                                          firm. Some of
                                                          them have
                                                          additional
                                                          functionality
                                                          of changing
                                                          even the
                                                          password. Can
                                                          you suggest
                                                          some way of
                                                          achieving the
                                                          above
                                                          functionality
                                                          considering
                                                          that all the
                                                          other
                                                          functionality
                                                          is the same
                                                          for all
                                                          divisions?</span></div>
                                                          </div>
                                                        </div>
                                                      </blockquote>
                                                      <div><br clear="none">
                                                      </div>
                                                      <div>Not actually
                                                        sure what you
                                                        mean here. It
                                                        just doesn&#39;t
                                                        make sense to
                                                        show a user two
                                                        login pages that
                                                        look different
                                                        (and possible
                                                        have different
                                                        things
                                                        enabled/disable)
                                                        if they use the
                                                        same realm and
                                                        SSO session.</div>
                                                      <div>
                                                        <div> </div>
                                                        <blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div>
                                                          <div style="color:#000;background-color:#fff;font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:13px">
                                                          <div dir="ltr"><span><br clear="none">
                                                          </span></div>
                                                          <div dir="ltr"><span>Thanks,</span></div>
                                                          <div dir="ltr"><span>Raghu</span></div>
                                                          <div><br clear="none">
                                                          </div>
                                                          <div style="display:block">
                                                          <div style="font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:13px">
                                                          <div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px">
                                                          <div dir="ltr">
                                                          <font face="Arial" size="2"> </font>
                                                          <hr size="1">
                                                          <b><span style="font-weight:bold">From:</span></b>
                                                          Stian
                                                          Thorgersen
                                                          &lt;<a href="mailto:sthorger@redhat.com" target="_blank"></a><a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt;<br clear="none">
                                                          <b><span style="font-weight:bold">To:</span></b>
                                                          Revanth
                                                          Ayalasomayajula
                                                          &lt;<a href="mailto:revanth@arvindinternet.com" target="_blank"></a><a href="mailto:revanth@arvindinternet.com" target="_blank">revanth@arvindinternet.com</a>&gt;

                                                          <br clear="none">
                                                          <b><span style="font-weight:bold">Cc:</span></b>
                                                          keycloak-user
                                                          &lt;<a href="mailto:keycloak-user@lists.jboss.org" target="_blank"></a><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&gt;<br clear="none">
                                                          <b><span style="font-weight:bold">Sent:</span></b>
                                                          Thursday,
                                                          December 17,
                                                          2015 8:05 AM<br clear="none">
                                                          <b><span style="font-weight:bold">Subject:</span></b>
                                                          Re:
                                                          [keycloak-user]
                                                          Different
                                                          theme for each
                                                          client<br clear="none">
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div><br clear="none">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">Having

                                                          different
                                                          clients login
                                                          to the same
                                                          SSO realm with
                                                          different
                                                          branded login
                                                          pages just
                                                          doesn&#39;t make
                                                          sense. If we
                                                          add the
                                                          concept of a
                                                          SSO
                                                          domain/zone or
                                                          something
                                                          within a
                                                          realm, where a
                                                          group of
                                                          clients have
                                                          separate
                                                          themes and SSO
                                                          session that
                                                          would make
                                                          sense.</div>
                                                          <div><br clear="none">
                                                          <div>
                                                          <div>On 15
                                                          December 2015
                                                          at 12:14,
                                                          Revanth
                                                          Ayalasomayajula
                                                          <span dir="ltr">&lt;<a href="mailto:revanth@arvindinternet.com" target="_blank"></a><a href="mailto:revanth@arvindinternet.com" target="_blank">revanth@arvindinternet.com</a>&gt;</span>
                                                          wrote:<br clear="none">
                                                          <blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div dir="ltr">+1

                                                          for this
                                                          feature.</div>
                                                          <div style="max-height:1px"><img style="width:0px;max-height:0px;overflow:hidden"><font size="1" color="#ffffff">ᐧ</font></div>
                                                          <div><br clear="none">
                                                          <div>
                                                          <div>
                                                          <div>On Tue,
                                                          Dec 15, 2015
                                                          at 4:39 PM,
                                                          Helder dos S.
                                                          Alves <span dir="ltr">&lt;<a href="mailto:helder.jaspion@gmail.com" target="_blank"></a><a href="mailto:helder.jaspion@gmail.com" target="_blank">helder.jaspion@gmail.com</a>&gt;</span>
                                                          wrote:<br clear="none">
                                                          </div>
                                                          </div>
                                                          <blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>Hi.</div>
                                                          <div><br clear="none">
                                                          </div>
                                                          <div>I need to
                                                          have a
                                                          different
                                                          theme for each
                                                          of the clients
                                                          of a realm.</div>
                                                          <div>If a user
                                                          came from one
                                                          client, I have
                                                          to show a
                                                          keycloak page
                                                          with the logo
                                                          and skin of
                                                          that client.</div>
                                                          <div>Is it
                                                          possible with
                                                          Keycloak? How?</div>
                                                          <div><br clear="none">
                                                          </div>
                                                          <div>Thanks in
                                                          advance.</div>
                                                          <span></span>
                                                          <div><br clear="none">
                                                          </div>
                                                          <br clear="all">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>
                                                          <div dir="ltr">Helder

                                                          S. Alves<br clear="none">
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <br clear="none">
                                                          </div>
                                                          </div>
_______________________________________________<br clear="none">
                                                          keycloak-user
                                                          mailing list<br clear="none">
                                                          <a href="mailto:keycloak-user@lists.jboss.org" target="_blank"></a><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br clear="none">
                                                          <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank"></a><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br clear="none">
                                                          </blockquote>
                                                          </div>
                                                          <br clear="none">
                                                          </div>
                                                          <br clear="none">
_______________________________________________<br clear="none">
                                                          keycloak-user
                                                          mailing list<br clear="none">
                                                          <a href="mailto:keycloak-user@lists.jboss.org" target="_blank"></a><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br clear="none">
                                                          <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank"></a><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br clear="none">
                                                          </blockquote>
                                                          </div>
                                                          <br clear="none">
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <br clear="none">
                                                          <div>_______________________________________________<br clear="none">
                                                          keycloak-user
                                                          mailing list<br clear="none">
                                                          <a href="mailto:keycloak-user@lists.jboss.org" target="_blank"></a><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br clear="none">
                                                          <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank"></a><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>
                                                          <br clear="none">
                                                          <br clear="none">
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                        </blockquote>
                                                      </div>
                                                    </div>
                                                    <div><br clear="none">
                                                    </div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                            <br>
                                            <br>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                      <br>
                      <fieldset></fieldset>
                      <br>
                      <pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
                    </blockquote>
                    <br>
                  </div>
                </div>
              </div>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div></div>