These are browser based apps? If so, Keycloak *ALREADY* does this.
Obtaining claims is not done by cookies, but rather the SSO protocol
(OpenID Connect or SAML).
On 10/26/2015 10:21 AM, keycloak-user.myq(a)xoxy.net wrote:
My goal is to have several web services (which reside at
sub1.domain.com, sub2.domain.com, etc.) all redirect users to
auth.domain.com for login. When a user is logged in and visits one of
the web services, the web service should be able to get the user's
identity from a claim signed by the authentication service (keycloak).
The only way I know of to do this is to pass a claim in a cookie.
Ideally, the web service should be able to verify the identity claim
without needing to emit an HTTP request to the auth service (by
verifying the signature against the realm's public key).
Is keycloak the right choice for this? and if not, do you have any
recommendations?
On Mon, Oct 26, 2015 at 9:49 AM, Marek Posolda - mposolda(a)redhat.com wrote:
This doesn't seem to be supported. Question is why you need it? All
the cookies like KEYCLOAK_IDENTITY are set by keycloak server and
it's just the keycloak server, which is supposed to read them.
Marek
On 26/10/15 14:26, keycloak-user.myq(a)xoxy.net wrote:
> Hello. How can I set the domain of session cookies?
>
> I want to run keycloak at auth.mydomain.com and get the session
> cookies (for SSO) at other subdomains of mydomain.com.
>
> Browsers will allow sub.domain.com to set cookies for domain.com,
> but I can't figure out how to get Keycloak to do this.
>
> Thanks in advance!
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
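The offline check asked about in this thread, as an added example that is not part of the original messages and is not Keycloak's own code: a web service validates an RS256-signed token against the realm's public key without contacting the auth server. The key pair, issuer URL, audience names and the `signToken`/`verifyToken` helpers are constructed for illustration; a real service would load the realm's published public key instead of generating one.

```javascript
// Added example: offline verification of an RS256-signed token (JWT).
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Constructed stand-in for the auth server: throwaway key pair and issuer URL.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://auth.domain.com/realms/example'; // assumed value

// Hypothetical signer, present only so the example has a token to check.
function signToken(claims, alg = 'RS256') {
  const signed = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${signed}.${b64url(crypto.sign('sha256', Buffer.from(signed), privateKey))}`;
}

// What each web service runs locally: no HTTP request to the auth server.
// Returns the claims, or throws with the reason the token was rejected.
function verifyToken(token, realmKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; never let the token's own header choose it.
  if (JSON.parse(fromB64url(head).toString()).alg !== 'RS256') throw new Error('unexpected alg');
  const valid = crypto.verify('sha256', Buffer.from(`${head}.${body}`), realmKey, fromB64url(sig));
  if (!valid) throw new Error('bad signature');
  // Only read claims after the signature has been checked.
  const claims = JSON.parse(fromB64url(body).toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample: a token for sub1, then the same token replayed at sub2.
const sample = signToken({ iss: ISSUER, aud: 'sub1', sub: 'alice', exp: Date.now() / 1000 + 300 });
console.log(verifyToken(sample, publicKey, { issuer: ISSUER, audience: 'sub1' }).sub);
try {
  verifyToken(sample, publicKey, { issuer: ISSUER, audience: 'sub2' });
} catch (err) {
  console.log('rejected at sub2:', err.message);
}
```

The audience check is what keeps a token issued for one subdomain from being accepted by another service that trusts the same realm key.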