Re: [keycloak-user] Multi realms approach

Hi, We have a similar setup and achieve cross-realm authentication through an extra IdP instance (which is actually a requirement for us because the IdPs are owned by the customers). This adds of course an administrative overhead. Realm selection is in our case done by setting a specific header on the reverse proxy. The realm name is hereby derived from the request url. Accordingly, we implemented a custom KeycloakConfigResolver that reads the realm name from the header. I hope this helps, Michael On 2017-09-27, 14:14, &quot;keycloak-user-bounces(a)lists.jboss.org on behalf of Matthias ANGLADE" <keycloak-user-bounces(a)lists.jboss.org on behalf of manglade(a)nextoo.fr&gt; wrote: Hi, I'm currently working on a project with specific requirements. Actually what we are trying to do is to setup a Keycloak in order to protect several applications. Each of these applications will potentially have their own set of webapps and micro-services. What we intended to do is to declare a realm per app (and each component of the app would be a client within it's own realm). We need to setup some cross-realm features such as realm selection, multi-realm authentication (i.e not being forced to re-login when switchin from one realm to another). I'm looking for advices or feedbacks in implementing such a case. Would you have any ? Yours, _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user