<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 18/12/15 09:39, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAears5=RHMAsAPNNwi0QYe2sZNxmY=a_Enwq5NcvwHxYg@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 18 December 2015 at 09:35, Marek
Posolda <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div>On 18/12/15 08:23, Stian Thorgersen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">The best solution to that is either
the ability to share users between realms or more
likely the ability to define a SSO group within a
realm. Each SSO group would have independent SSO
sessions and could also have separate themes
associated with it. It's not something we have
resources for right now though. <br>
</div>
</blockquote>
</span> I wonder if we can have something like
"different-realm-user-federation-provider" ? We had
something like this in the early days of Keycloak.<br>
<br>
For example, if you have 2 realms "blueRealm" and
"greenRealm" . The greenRealm will have defined
federation provider, which will delegate retrieving
users to blueRealm. Then all applications configured
against greenRealm will see green login screen, but they
will be able to authenticate with users+passwords from
blueRealm. <br>
</div>
</blockquote>
<div><br>
</div>
<div>That's not very elegant at least not ATM as we would
end up duplicating the users in the DB.</div>
</div>
</div>
</div>
</blockquote>
Yeah. Once we address in-memory federation, it's going to be better
though. Might be easier then introduce brand new concept of SSO
groups within realm.<br>
<br>
Marek<br>
<blockquote
cite="mid:CAJgngAears5=RHMAsAPNNwi0QYe2sZNxmY=a_Enwq5NcvwHxYg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="HOEnZb"><font
color="#888888"> <br>
Marek</font></span>
<div>
<div class="h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Simply displaying a different theme
per-client just doesn't make any sense at all.
Users log-in to a SSO realm, not an individual
client. So I'm against adding something like
that unless we add the ability to log-in to
clients or groups of clients individually.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 18 December 2015 at
03:08, Raghuram Prabhala <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:prabhalar@yahoo.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:prabhalar@yahoo.com">prabhalar@yahoo.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div>
<div
style="color:#000;background-color:#fff;font-family:Courier
New,courier,monaco,monospace,sans-serif;font-size:13px">
<div>Pe</div>
<br>
<div>It depends upon the application
that the user accesses. We have
several scenarios where the same set
of users login to different
applications in different divisions,
some internet facing that have a
totally different look from our
intranet ones and it also depends upon
whether the applications look for
multi factor authentication as well.</div>
<div><br>
</div>
<div>This is a very common scenario - We
typically have different themes
presented to the users based on what
the client applications request
(different themes can be requested
utilizing different http parameters)</div>
<div><br>
</div>
<div dir="ltr">Perhaps we can define
different realms for different themes
but it becomes very cumbersome<br>
</div>
<div><br>
</div>
<div><br>
<br>
</div>
<div style="display:block">
<div style="font-family:Courier
New,courier,monaco,monospace,sans-serif;font-size:13px">
<div
style="font-family:HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida
Grande,sans-serif;font-size:16px">
<div dir="ltr"> <font
face="Arial" size="2"><span>
<hr size="1"> <b><span
style="font-weight:bold">From:</span></b>
Stian Thorgersen <<a
moz-do-not-send="true"
href="mailto:sthorger@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:sthorger@redhat.com">sthorger@redhat.com</a></a>><br>
</span><b><span
style="font-weight:bold">To:</span></b>
Raghuram Prabhala <<a
moz-do-not-send="true"
href="mailto:prabhalar@yahoo.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:prabhalar@yahoo.com">prabhalar@yahoo.com</a></a>>
<br>
<b><span
style="font-weight:bold">Cc:</span></b>
Revanth Ayalasomayajula <<a
moz-do-not-send="true"
href="mailto:revanth@arvindinternet.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:revanth@arvindinternet.com">revanth@arvindinternet.com</a></a>>;
keycloak-user <<a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a>><br>
<b><span
style="font-weight:bold">Sent:</span></b>
Thursday, December 17, 2015
9:28 AM
<div>
<div><br>
<b><span
style="font-weight:bold">Subject:</span></b>
Re: [keycloak-user]
Different theme for each
client<br>
</div>
</div>
</font> </div>
<div>
<div>
<div><br>
<div>
<div>
<div dir="ltr"><br
clear="none">
<div><br clear="none">
<div>On 17 December
2015 at 14:44,
Raghuram Prabhala
<span dir="ltr"><<a
moz-do-not-send="true" href="mailto:prabhalar@yahoo.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:prabhalar@yahoo.com">prabhalar@yahoo.com</a></a>></span>
wrote:<br
clear="none">
<blockquote
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div>
<div
style="color:#000;background-color:#fff;font-family:Courier
New,courier,monaco,monospace,sans-serif;font-size:13px">
<div dir="ltr"><span>Stian
- Even we have
a similar
requirement of
having
different
themes, but
for different
divisions
within the
firm. Some of
them have
additional
functionality
of changing
even the
password. Can
you suggest
some way of
achieving the
above
functionality
considering
that all the
other
functionality
is the same
for all
divisions?</span></div>
</div>
</div>
</blockquote>
<div><br
clear="none">
</div>
<div>Not actually
sure what you
mean here. It
just doesn't
make sense to
show a user two
login pages that
look different
(and possible
have different
things
enabled/disable)
if they use the
same realm and
SSO session.</div>
<div>
<div> </div>
<blockquote
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div>
<div
style="color:#000;background-color:#fff;font-family:Courier
New,courier,monaco,monospace,sans-serif;font-size:13px">
<div dir="ltr"><span><br
clear="none">
</span></div>
<div dir="ltr"><span>Thanks,</span></div>
<div dir="ltr"><span>Raghu</span></div>
<div><br
clear="none">
</div>
<div
style="display:block">
<div
style="font-family:Courier
New,courier,monaco,monospace,sans-serif;font-size:13px">
<div
style="font-family:HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida
Grande,sans-serif;font-size:16px">
<div dir="ltr">
<font
face="Arial"
size="2"> </font>
<hr size="1">
<b><span
style="font-weight:bold">From:</span></b>
Stian
Thorgersen
<<a
moz-do-not-send="true"
href="mailto:sthorger@redhat.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:sthorger@redhat.com">sthorger@redhat.com</a></a>><br
clear="none">
<b><span
style="font-weight:bold">To:</span></b>
Revanth
Ayalasomayajula
<<a
moz-do-not-send="true"
href="mailto:revanth@arvindinternet.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:revanth@arvindinternet.com">revanth@arvindinternet.com</a></a>>
<br
clear="none">
<b><span
style="font-weight:bold">Cc:</span></b>
keycloak-user
<<a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a>><br
clear="none">
<b><span
style="font-weight:bold">Sent:</span></b>
Thursday,
December 17,
2015 8:05 AM<br
clear="none">
<b><span
style="font-weight:bold">Subject:</span></b>
Re:
[keycloak-user]
Different
theme for each
client<br
clear="none">
</div>
<div>
<div>
<div><br
clear="none">
<div>
<div>
<div dir="ltr">Having
different
clients login
to the same
SSO realm with
different
branded login
pages just
doesn't make
sense. If we
add the
concept of a
SSO
domain/zone or
something
within a
realm, where a
group of
clients have
separate
themes and SSO
session that
would make
sense.</div>
<div><br
clear="none">
<div>
<div>On 15
December 2015
at 12:14,
Revanth
Ayalasomayajula
<span
dir="ltr"><<a
moz-do-not-send="true" href="mailto:revanth@arvindinternet.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:revanth@arvindinternet.com">revanth@arvindinternet.com</a></a>></span>
wrote:<br
clear="none">
<blockquote
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div dir="ltr">+1
for this
feature.</div>
<div
style="max-height:1px"><img
moz-do-not-send="true" style="width:0px;max-height:0px;overflow:hidden"><font
size="1"
color="#ffffff">ᐧ</font></div>
<div><br
clear="none">
<div>
<div>
<div>On Tue,
Dec 15, 2015
at 4:39 PM,
Helder dos S.
Alves <span
dir="ltr"><<a
moz-do-not-send="true" href="mailto:helder.jaspion@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:helder.jaspion@gmail.com">helder.jaspion@gmail.com</a></a>></span>
wrote:<br
clear="none">
</div>
</div>
<blockquote
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div>
<div>
<div dir="ltr">
<div>Hi.</div>
<div><br
clear="none">
</div>
<div>I need to
have a
different
theme for each
of the clients
of a realm.</div>
<div>If a user
came from one
client, I have
to show a
keycloak page
with the logo
and skin of
that client.</div>
<div>Is it
possible with
Keycloak? How?</div>
<div><br
clear="none">
</div>
<div>Thanks in
advance.</div>
<span></span>
<div><br
clear="none">
</div>
<br
clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">Helder
S. Alves<br
clear="none">
</div>
</div>
</div>
</div>
</div>
</div>
<br
clear="none">
</div>
</div>
_______________________________________________<br clear="none">
keycloak-user
mailing list<br
clear="none">
<a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br
clear="none">
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br
clear="none">
</blockquote>
</div>
<br
clear="none">
</div>
<br
clear="none">
_______________________________________________<br clear="none">
keycloak-user
mailing list<br
clear="none">
<a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br
clear="none">
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br
clear="none">
</blockquote>
</div>
<br
clear="none">
</div>
</div>
</div>
</div>
<br
clear="none">
<div>_______________________________________________<br
clear="none">
keycloak-user
mailing list<br
clear="none">
<a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br
clear="none">
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a></div>
<br
clear="none">
<br
clear="none">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
<div><br
clear="none">
</div>
</div>
</div>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>