Re: [keycloak-user] Different theme for each client

On 18/12/15 09:39, Stian Thorgersen wrote: On 18 December 2015 at 09:35, Marek Posolda <mposolda(a)redhat.com&gt; wrote: > On 18/12/15 08:23, Stian Thorgersen wrote: > > The best solution to that is either the ability to share users between > realms or more likely the ability to define a SSO group within a realm. > Each SSO group would have independent SSO sessions and could also have > separate themes associated with it. It's not something we have resources > for right now though. > > I wonder if we can have something like > "different-realm-user-federation-provider" ? We had something like this in > the early days of Keycloak. > > For example, if you have 2 realms "blueRealm" and "greenRealm" . The > greenRealm will have defined federation provider, which will delegate > retrieving users to blueRealm. Then all applications configured against > greenRealm will see green login screen, but they will be able to > authenticate with users+passwords from blueRealm. > That's not very elegant at least not ATM as we would end up duplicating the users in the DB. Yeah. Once we address in-memory federation, it's going to be better though. Might be easier then introduce brand new concept of SSO groups within realm.

Marek > > Marek > > > > Simply displaying a different theme per-client just doesn't make any > sense at all. Users log-in to a SSO realm, not an individual client. So I'm > against adding something like that unless we add the ability to log-in to > clients or groups of clients individually. > > On 18 December 2015 at 03:08, Raghuram Prabhala < <prabhalar(a)yahoo.com&gt; > prabhalar(a)yahoo.com&gt; wrote: > >> Pe >> >> It depends upon the application that the user accesses. We have several >> scenarios where the same set of users login to different applications in >> different divisions, some internet facing that have a totally different >> look from our intranet ones and it also depends upon whether the >> applications look for multi factor authentication as well. >> >> This is a very common scenario - We typically have different themes >> presented to the users based on what the client applications request >> (different themes can be requested utilizing different http parameters) >> >> Perhaps we can define different realms for different themes but it >> becomes very cumbersome >> >> >> >> ------------------------------ >> *From:* Stian Thorgersen < <sthorger@redhat.com&gt;sthorger(a)redhat.com&gt; >> *To:* Raghuram Prabhala < <prabhalar@yahoo.com&gt;prabhalar(a)yahoo.com&gt; >> *Cc:* Revanth Ayalasomayajula < <revanth(a)arvindinternet.com&gt; >> revanth(a)arvindinternet.com>; keycloak-user < >> <keycloak-user@lists.jboss.org&gt;keycloak-user(a)lists.jboss.org&gt; >> *Sent:* Thursday, December 17, 2015 9:28 AM >> >> *Subject:* Re: [keycloak-user] Different theme for each client >> >> >> >> On 17 December 2015 at 14:44, Raghuram Prabhala < <prabhalar(a)yahoo.com&gt; >> prabhalar(a)yahoo.com&gt; wrote: >> >> Stian - Even we have a similar requirement of having different themes, >> but for different divisions within the firm. Some of them have additional >> functionality of changing even the password. Can you suggest some way of >> achieving the above functionality considering that all the other >> functionality is the same for all divisions? >> >> >> Not actually sure what you mean here. It just doesn't make sense to show >> a user two login pages that look different (and possible have different >> things enabled/disable) if they use the same realm and SSO session. >> >> >> >> Thanks, >> Raghu >> >> ------------------------------ >> *From:* Stian Thorgersen < <sthorger@redhat.com&gt;sthorger(a)redhat.com&gt; >> *To:* Revanth Ayalasomayajula < <revanth(a)arvindinternet.com&gt; >> revanth(a)arvindinternet.com&gt; >> *Cc:* keycloak-user < <keycloak-user(a)lists.jboss.org&gt; >> keycloak-user(a)lists.jboss.org&gt; >> *Sent:* Thursday, December 17, 2015 8:05 AM >> *Subject:* Re: [keycloak-user] Different theme for each client >> >> Having different clients login to the same SSO realm with different >> branded login pages just doesn't make sense. If we add the concept of a SSO >> domain/zone or something within a realm, where a group of clients have >> separate themes and SSO session that would make sense. >> >> On 15 December 2015 at 12:14, Revanth Ayalasomayajula < >> <revanth@arvindinternet.com&gt;revanth(a)arvindinternet.com&gt; wrote: >> >> +1 for this feature. >> ᐧ >> >> On Tue, Dec 15, 2015 at 4:39 PM, Helder dos S. Alves < >> <helder.jaspion@gmail.com&gt;helder.jaspion(a)gmail.com&gt; wrote: >> >> Hi. >> >> I need to have a different theme for each of the clients of a realm. >> If a user came from one client, I have to show a keycloak page with the >> logo and skin of that client. >> Is it possible with Keycloak? How? >> >> Thanks in advance. >> >> >> Helder S. Alves >> >> _______________________________________________ >> keycloak-user mailing list >> <keycloak-user@lists.jboss.org&gt;keycloak-user(a)lists.jboss.org >> <https://lists.jboss.org/mailman/listinfo/keycloak-user> >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> <keycloak-user@lists.jboss.org&gt;keycloak-user(a)lists.jboss.org >> <https://lists.jboss.org/mailman/listinfo/keycloak-user> >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> <keycloak-user@lists.jboss.org&gt;keycloak-user(a)lists.jboss.org >> <https://lists.jboss.org/mailman/listinfo/keycloak-user> >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> >> >> >> > > > _______________________________________________ > keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user > > >