As mentioned in previous post, I'm looking at how to leverage KeyCloak within the
Overlord governance projects.
I can see how our web UIs and REST services could be defined within a single realm, with
the appropriate roles, users and user/role mappings. However if we wanted to build some
apps that made use of other JBoss projects, that also used KeyCloak, but with their own
realms, then how would a user be defined to use our app that may at the backend need to
call services provided by other projects/realms?
Wondering whether the user concept needs to be defined outside of a realm, so that it
could be assigned roles within a number of realms, allowing them to access the various
apps in those different domains?
More of a conceptual discussion, rather than an actual problem at this stage - was more
curious how it could work, as not a security expert.