My goal is to have several web services (which reside at sub1.domain.com, sub2.domain.com, etc.) all redirect users to auth.domain.com for login. When a user is logged in and visits one of the web services, the web service should be able to get the user's identity from a claim signed by the authentication service (keycloak). The only way I know of to do this is to pass a claim in a cookie.

Ideally, the web service should be able to verify the identity claim without needing to emit an HTTP request to the auth service (by verifying the signature against the realm's public key).

Is Keycloak the right choice for this? And if not, do you have any recommendations?

On Mon, Oct 26, 2015 at 9:49 AM, Marek Posolda - mposolda@redhat.com <keycloak-user.myq.aa3199607d.mposolda#redhat.com@ob.0sg.net> wrote:
This doesn't seem to be supported. The question is, why do you need it? All the cookies like KEYCLOAK_IDENTITY are set by the Keycloak server, and it's just the Keycloak server that is supposed to read them.

Marek

On 26/10/15 14:26, keycloak-user.myq@xoxy.net wrote:
Hello. How can I set the domain of session cookies?

I want to run keycloak at auth.mydomain.com and get the session cookies (for SSO) at other subdomains of mydomain.com.

Browsers will allow sub.domain.com to set cookies for domain.com, but I can't figure out how to get Keycloak to do this.

Thanks in advance!


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user