<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 2 June 2016 at 15:06, Rafael T. C. Soares <span dir="ltr"><<a href="mailto:rsoares@redhat.com" target="_blank">rsoares@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
<br>
<pre cols="72">___
Rafael T. C. Soares</pre>
</span><span class=""><div>On 06/02/2016 02:43 AM, Stian
Thorgersen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 2 June 2016 at 04:13, Rafael T. C.
Soares <span dir="ltr"><<a href="mailto:rsoares@redhat.com" target="_blank">rsoares@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi!<br>
<br>
Please ignore my last question.<br>
<br>
It worked fine. Keycloak checks the existence of a
Session for the user logged in the first app. Obviously
the SSO will happen if I try to access the other app
using the same Browser Session. Additionally I suppose
both apps have to be under the same realm. Makes sense?<br>
</div>
</blockquote>
<div><br>
</div>
<div>Yes, the SSO session is bound to one realm and browser
session</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <br>
BTW, is it possible to disable Single Sign out for a
specific client app?</div>
</blockquote>
<div><br>
</div>
<div>Not sure what you mean about disabling single sign out?
Do you want to client to have access after the user has
logged-out? If so you can use offline tokens if you are
using OpenID Connect</div>
</div>
</div>
</div>
</blockquote></span>
For example In my scenario If the user logout from the second app
(sharing the same browser session and realm) it should be logged out
only from that app (2nd). But should remain logged in the 1st one.
Does it makes sense? Is that possible?</div></blockquote><div><br></div><div>Not really. It's SSO and all apps are using the same SSO session. In either case it's not really supported.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span><br>
<pre cols="72">___
Rafael T. C. Soares</pre>
</span>
<div>
<div>
<div>On 06/01/2016 07:26 PM, Rafael T. C. Soares
wrote:<br>
</div>
<blockquote type="cite"> <font size="-1"><font face="DejaVu Sans">Hi!<br>
<br>
I have one common realm (eg: demo-realm) with
two client apps under it:<br>
<br>
- 1st app using SAML protocol - hosted in app
srv 1 (tomcat)<br>
- 2nd app using Keycloak default OpenID
Connect - hosted in app srv 2 (JBoss EAP)<br>
<br>
What I need to do in order to enable SSO
between these both apps?<br>
<br>
I tried log in in the 1st one and them tried
to access the 2nd one, but the SSO does not
works :-/<br>
<br>
</font></font>
<pre cols="72">--
___
Rafael T. C. Soares</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</span></div>
</blockquote></div><br></div></div>