Yes, one realm can point to another realm for federation.
Realm A uses Realm B for authentication.
Set up an identity provider in Realm A. If you want Realm B to handle
all logins for Realm A, go to Authentication and set the Identity
Provider Redirector to the identity provider you just created.
In Realm B, create an openid-connect client for your application. Copy
and paste the Client ID and Client Secret from Realm B into the identity
provider in Realm A.
At first login, the users from Realm B will be created in Realm A. I'm
not sure if this will solve your use case concerning permissions, but it
gives you something to play around with.
On 1/18/2019 6:11 AM, James Pridmore wrote:
Hi all,
I wonder if anyone could help me. I'm trying to set up a realm with user federation.
I'd like that realm to point to another realm within the same instance of Keycloak.
Is this possible and if so, how do I go about it?
The reason for this is we have one application supporting different contracts, users have
different permissions in different contracts. We think we can achieve this by setting up 1
client over multiple realms and using one set of users in all those realms but with
different permissions in each realm.
Any advice is much appreciated.
Kind regards,
James
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
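
The setup described in the reply above, sketched as the Keycloak Admin REST payloads it produces. This is an added example, not part of the original messages. The base URL, realm names, alias, client ID, and secret are constructed placeholders, and using the `keycloak-oidc` provider type with an exact-match redirect URI is an assumption of this sketch.

```python
import json


def realm_url(base_url, realm):
    """Base URL of one realm on the Keycloak server."""
    return f"{base_url.rstrip('/')}/realms/{realm}"


def broker_setup(base_url, consumer_realm, provider_realm, alias, client_id, client_secret):
    """Build the payloads for 'consumer realm (A) logs in via provider realm (B)'."""
    oidc = realm_url(base_url, provider_realm) + "/protocol/openid-connect"
    # Client created in the providing realm (Realm B). The only redirect URI
    # allowed is the consuming realm's broker endpoint, not a wildcard.
    provider_client = {
        "clientId": client_id,
        "protocol": "openid-connect",
        "publicClient": False,  # confidential client: a secret is required
        "standardFlowEnabled": True,
        "secret": client_secret,
        "redirectUris": [f"{realm_url(base_url, consumer_realm)}/broker/{alias}/endpoint"],
    }
    # Identity provider created in the consuming realm (Realm A), carrying the
    # Client ID and Client Secret copied from Realm B.
    consumer_idp = {
        "alias": alias,
        "providerId": "keycloak-oidc",  # assumption: Keycloak-to-Keycloak OIDC provider
        "enabled": True,
        "config": {
            "clientId": client_id,
            "clientSecret": client_secret,
            "authorizationUrl": oidc + "/auth",
            "tokenUrl": oidc + "/token",
            "userInfoUrl": oidc + "/userinfo",
            "jwksUrl": oidc + "/certs",
            "useJwksUrl": "true",
            "validateSignature": "true",  # verify Realm B's token signatures
        },
    }
    # Config for the Identity Provider Redirector execution in Realm A, so
    # every login is sent straight to Realm B.
    consumer_redirector = {"alias": f"redirect-to-{alias}", "config": {"defaultProvider": alias}}
    return {"provider_client": provider_client, "consumer_idp": consumer_idp,
            "consumer_redirector": consumer_redirector}


if __name__ == "__main__":
    # Constructed sample values; replace the secret with the one generated in Realm B.
    print(json.dumps(broker_setup("https://sso.example.test/auth", "realm-a", "realm-b",
                                  "realm-b-oidc", "realm-a-broker", "CHANGE-ME"), indent=2))
```
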