My goal is to have several web services (which reside at
sub1.domain.com,
sub2.domain.com, etc.) all redirect users to
auth.domain.com for login.
When a user is logged in and visits one of the web services, the web
service should be able to get the user's identity from a claim signed by
the authentication service (keycloak). The only way I know of to do this is
to pass a claim in a cookie.
Ideally, the web service should be able to verify the identity claim
without needing to emit an HTTP request to the auth service (by verifying
the signature against the realm's public key).
Is keycloak the right choice for this? and if not, do you have any
recommendations?
On Mon, Oct 26, 2015 at 9:49 AM, Marek Posolda - mposolda(a)redhat.com <
keycloak-user.myq.aa3199607d.mposolda#redhat.com(a)ob.0sg.net> wrote:
This doesn't seem to be supported. Question is why you need it?
All the
cookies like KEYCLOAK_IDENTITY are set by keycloak server and it's just the
keycloak server, which is supposed to read them.
Marek
On 26/10/15 14:26, keycloak-user.myq(a)xoxy.net wrote:
Hello. How can I set the domain of session cookies?
I want to run keycloak at
auth.mydomain.com and get the session cookies
(for SSO) at other subdomains of
mydomain.com.
Browsers will allow
sub.domain.com to set cookies for
domain.com, but I
can't figure out how to get Keycloak to do this.
Thanks in advance!
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user