Yes, the tokens are still realm specific. This is how the setup basically works:
- The user requests a resource from application A and gets redirected to Keycloak (realm A),
which, in turn, redirects to the IdP.
After authentication at the IdP the user is redirected back to Keycloak, which issues the
token for the application within realm A.
- Then the user switches to application B. The user is again redirected to Keycloak, but
now to realm B. Since the user has no active session here, the user is further
redirected to the IdP.
Since the user already has an active session at the IdP, the request is redirected
directly, i.e. without user interaction, back to Keycloak, which in turn issues a token
within realm B to application B.
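The flow described in the reply above, as an added example that is not part of the thread and not Keycloak code: two realms each broker to one external IdP, the IdP keeps its own SSO session so the second realm login is silent, yet every token is minted by a realm and carries that realm's issuer. The resource-server check at the end pins the issuer before anything else, so a realm-A token is rejected by a service in realm B. Hostname, realm names, client IDs, and the HS256 keys are constructed for the demo (real Keycloak realms sign with their own RSA keys).

```python
import base64
import hashlib
import hmac
import json
import time

KC_BASE = "https://kc.example.com/auth"  # constructed hostname for the demo


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Browser:
    """The user's browser: one cookie jar, keyed by the party that set the cookie."""

    def __init__(self):
        self.cookies = {}


class ExternalIdP:
    """The shared identity provider. Keeps its own SSO session after the first login."""

    def __init__(self):
        self.sessions = {}   # cookie value -> username
        self.prompts = 0     # interactive logins the user actually had to perform

    def authenticate(self, browser: Browser, username: str):
        """Returns (username, interactive). Silent when an IdP session cookie is present."""
        cookie = browser.cookies.get("idp")
        if cookie in self.sessions:
            return self.sessions[cookie], False   # straight back to Keycloak, no prompt
        self.prompts += 1
        cookie = f"idp-session-{self.prompts}"
        self.sessions[cookie] = username
        browser.cookies["idp"] = cookie
        return username, True


class Realm:
    """One Keycloak realm brokering to the IdP, with its own session store and signing key."""

    def __init__(self, name: str, idp: ExternalIdP, key: bytes):
        self.name = name
        self.issuer = f"{KC_BASE}/realms/{name}"
        self.idp = idp
        self.key = key           # constructed HS256 key; real realms use per-realm RSA keys
        self.sessions = {}       # cookie value -> username

    def login(self, browser: Browser, username: str, client_id: str) -> str:
        """The application redirects the user here; returns the access token for client_id."""
        cookie = browser.cookies.get(self.name)
        if cookie not in self.sessions:
            # No session in this realm: redirect to the IdP (interactive or silent, the IdP decides)
            username, _ = self.idp.authenticate(browser, username)
            cookie = f"{self.name}-session-{len(self.sessions) + 1}"
            self.sessions[cookie] = username
            browser.cookies[self.name] = cookie
        return self._mint(self.sessions[cookie], client_id)

    def _mint(self, sub: str, aud: str) -> str:
        now = int(time.time())
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"iss": self.issuer, "aud": aud, "sub": sub, "iat": now, "exp": now + 300}
        signing_input = f"{_b64(json.dumps(header).encode())}.{_b64(json.dumps(claims).encode())}"
        sig = hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()
        return f"{signing_input}.{_b64(sig)}"


def verify(token: str, realm: Realm, client_id: str) -> dict:
    """Resource-server check for one realm: pin issuer and alg, then signature, audience, expiry."""
    h, p, s = token.split(".")
    claims = json.loads(_unb64(p))
    if claims.get("iss") != realm.issuer:
        raise ValueError(f"issuer {claims.get('iss')!r} is not {realm.issuer!r}")
    if json.loads(_unb64(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(realm.key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(s)):
        raise ValueError("bad signature")
    if claims.get("aud") != client_id:
        raise ValueError("wrong audience")
    if claims["exp"] < time.time():
        raise ValueError("expired")
    return claims


def run_flow():
    """Two logins, one per realm, through the same browser and the same IdP."""
    idp = ExternalIdP()
    realm_a = Realm("realm-a", idp, b"realm-a-demo-key")
    realm_b = Realm("realm-b", idp, b"realm-b-demo-key")
    browser = Browser()
    token_a = realm_a.login(browser, "alice", "app-a")   # user types credentials at the IdP
    token_b = realm_b.login(browser, "alice", "app-b")   # realm B has no session, IdP does: silent
    return idp, realm_a, realm_b, token_a, token_b


if __name__ == "__main__":
    idp, ra, rb, ta, tb = run_flow()
    print("interactive logins:", idp.prompts)
    print("token A issuer:", verify(ta, ra, "app-a")["iss"])
    try:
        verify(ta, rb, "app-b")
    except ValueError as exc:
        print("realm B rejects realm A token:", exc)
```

Running it shows one interactive prompt for two realm logins, and the realm-B verifier refusing the realm-A token on the issuer check before it even looks at the signature. That issuer pin is the detail to carry into a real deployment: a service must compare `iss` against the exact realm URL it trusts rather than accepting any token that happens to validate against some known key.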
From: Stephen Henrie <stephen(a)saasindustries.com>
Date: Saturday, 30 September 2017 at 19:34
To: Michael Liebe <Michael.Liebe(a)ist.com>
Cc: Matthias ANGLADE <manglade(a)nextoo.fr>, "keycloak-user(a)lists.jboss.org"
<keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] Multi realms approach
I am curious... how does this address the issue of requiring users to re-login again to
switch realms?
I ask, as this is a very common need and since the access token is specific to a keycloak
realm, I don't see how this would address that situation without Keycloak supporting
"trusted realms".
Thanks
Stephen