<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <br>
    <pre class="moz-signature" cols="72">___
Rafael T. C. Soares</pre>
    <div class="moz-cite-prefix">On 06/02/2016 02:43 AM, Stian
      Thorgersen wrote:<br>
    </div>
    <blockquote
cite="mid:CAJgngAeMet6T_-JaznBRAZkGNAgfU120xGfG697KkAgLaWb7Vg@mail.gmail.com"
      type="cite">
      <div dir="ltr"><br>
        <div class="gmail_extra"><br>
          <div class="gmail_quote">On 2 June 2016 at 04:13, Rafael T. C.
            Soares <span dir="ltr">&lt;<a moz-do-not-send="true"
                href="mailto:rsoares@redhat.com" target="_blank">rsoares@redhat.com</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div bgcolor="#FFFFFF" text="#000000"> Hi!<br>
                <br>
                Please ignore my last question.<br>
                <br>
                It worked fine. Keycloak checks the existence of a
                Session for the user logged in the first app. Obviously
                the SSO will happen if I try to access the other app
                using the same Browser Session. Additionally I suppose 
                both apps have to be under the same realm. Makes sense?<br>
              </div>
            </blockquote>
            <div><br>
            </div>
            <div>Yes, the SSO session is bound to one realm and browser
              session</div>
            <div> </div>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div bgcolor="#FFFFFF" text="#000000"> <br>
                BTW, is it possible to disable Single Sign out for a
                specific client app?</div>
            </blockquote>
            <div><br>
            </div>
            <div>Not sure what you mean about disabling single sign out?
              Do you want to client to have access after the user has
              logged-out? If so you can use offline tokens if you are
              using OpenID Connect</div>
          </div>
        </div>
      </div>
    </blockquote>
    For example In my scenario If the user logout from the second app
    (sharing the same browser session and realm) it should be logged out
    only from that app (2nd). But should remain logged in the 1st one.
    Does it makes sense? Is that possible?<br>
    <blockquote
cite="mid:CAJgngAeMet6T_-JaznBRAZkGNAgfU120xGfG697KkAgLaWb7Vg@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">
            <div> </div>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div bgcolor="#FFFFFF" text="#000000"><span class=""><br>
                  <pre cols="72">___
Rafael T. C. Soares</pre>
                </span>
                <div>
                  <div class="h5">
                    <div>On 06/01/2016 07:26 PM, Rafael T. C. Soares
                      wrote:<br>
                    </div>
                    <blockquote type="cite"> <font size="-1"><font
                          face="DejaVu Sans">Hi!<br>
                          <br>
                          I have one common realm (eg: demo-realm) with
                          two client apps under it:<br>
                          <br>
                           - 1st app using SAML protocol - hosted in app
                          srv 1 (tomcat)<br>
                           - 2nd app using Keycloak default OpenID
                          Connect - hosted in app srv 2 (JBoss EAP)<br>
                          <br>
                          What I need to do in order to enable SSO
                          between these both apps?<br>
                          <br>
                          I tried log in in the 1st one and them tried
                          to access the 2nd one, but the SSO does not
                          works :-/<br>
                          <br>
                        </font></font>
                      <pre cols="72">-- 
___
Rafael T. C. Soares</pre>
                    </blockquote>
                    <br>
                  </div>
                </div>
              </div>
              <br>
              _______________________________________________<br>
              keycloak-user mailing list<br>
              <a moz-do-not-send="true"
                href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
              <a moz-do-not-send="true"
                href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
                rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>