Hello Marc,

I think the following setup will suit your requirement (assuming all 3 apps are web apps).

Create a confidential client for each of the 3 apps in the same realm. Treat 1 app as the "manager" app. The other apps are "workers".

Secure each app with an appropriate Keycloak adapter and configure an appropriate Admin URL for the client such that Keycloak can propagate logouts to them.

In the "manager" app use the default Keycloak logout functionality of your adapter when a user clicks on logout.

However, in the worker app only kill the current HTTP session of the app on "logout" and release app-local resources, then redirect to some kind of central launch pad, potentially part of the "manager" app.

If a user now clicks on an application icon on the launch pad, he will be sent to the app without having to log in. If a user performs a logout from the manager app, the real logout will be performed. If the user then tries to access an app, he has to log in again.

This "pseudo" logout still releases some resources and gives the user the "impression" that they did their job of logging out every time. This helps to deal with users who are used to working with non-integrated web apps but still don't want to log in every time...

Cheers,
Thomas
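
The session behaviour this setup produces, as an added example that is not part of the original thread and is not Keycloak code: a constructed Python model (the `Realm` and `App` classes and their methods are hypothetical) in which a worker's pseudo logout leaves the realm's SSO session alive, while the manager's logout ends it and is propagated to every client.

```python
# Constructed model of the setup above; not Keycloak code, all names hypothetical.
class Realm:
    """Stands in for the Keycloak realm: SSO sessions plus registered clients."""
    def __init__(self):
        self.sso = set()       # users with a live SSO session
        self.clients = []      # apps reachable through their Admin URL

    def authenticate(self, user, password=None):
        if user not in self.sso and password is not None:
            self.sso.add(user)             # interactive login
        return user in self.sso            # False means "show the login form"

    def logout(self, user):
        self.sso.discard(user)             # real logout ends the SSO session
        for app in self.clients:
            app.admin_logout(user)         # propagated to each Admin URL

class App:
    def __init__(self, realm, manager=False):
        self.realm, self.manager = realm, manager
        self.sessions = set()              # users with a local HTTP session
        realm.clients.append(self)

    def open(self, user, password=None):
        """User requests the app; True if a local session exists afterwards."""
        if user not in self.sessions and self.realm.authenticate(user, password):
            self.sessions.add(user)
        return user in self.sessions

    def admin_logout(self, user):
        self.sessions.discard(user)

    def logout(self, user):
        if self.manager:
            self.realm.logout(user)        # adapter's default logout
        else:
            self.sessions.discard(user)    # pseudo logout: local session only

def scenario():
    realm = Realm()
    manager, worker_a, worker_b = App(realm, manager=True), App(realm), App(realm)
    seen = [manager.open("marc", "pw"), worker_a.open("marc")]  # login once, then SSO
    worker_a.logout("marc")
    seen += ["marc" in realm.sso, worker_a.open("marc")]  # still signed in at realm
    manager.logout("marc")
    seen += [worker_a.open("marc"), worker_b.open("marc")]  # login required again
    return seen
```

The third value returned by `scenario()` is the point to keep in mind when reviewing this design: after a worker's pseudo logout the realm session is still valid, so re-entry needs no credentials until the manager logout runs.
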
2017-03-20 19:45 GMT+01:00 Marek Posolda <mposolda(a)redhat.com>:

Hi,

not sure I understand your use-case properly. Also not sure how much sense it makes, as login is always SSO and logout is always single-sign-out. Maybe there is a possibility to do this with our "identity providers" and have 2 Keycloak realms, where 1 realm will be the provider and the second realm the consumer. There are some disadvantages of this approach (e.g. duplicated users), but maybe you can achieve what you want with this.

Marek

On 20/03/17 16:02, Marc Tempelmeier wrote:
> Hi,
>
> I'm new to Keycloak and have the lucky possibility to play around with it here at my new company.
> Unluckily, I'm the only person who plays around with it at the moment.
>
> So I have to make it possible that we have 3 services connected with Keycloak. But just one of them should have the users in the same realm but the users shouldn't be logged out.
>
> To recap:
>
> Keycloak with 3 clients, logout should log out only 2, but login should occur for all 3.
>
> Can you give me a gist how to solve that?
>
> Best regards
>
> Marc
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user