On 18 December 2015 at 09:35, Marek Posolda <mposolda@redhat.com> wrote:
On 18/12/15 08:23, Stian Thorgersen wrote:
The best solution to that is either the ability to share users between realms or more likely the ability to define a SSO group within a realm. Each SSO group would have independent SSO sessions and could also have separate themes associated with it. It's not something we have resources for right now though.
I wonder if we can have something like "different-realm-user-federation-provider" ? We had something like this in the early days of Keycloak.

For example, if you have 2 realms "blueRealm" and "greenRealm" . The greenRealm will have defined federation provider, which will delegate retrieving users to blueRealm. Then all applications configured against greenRealm will see green login screen, but they will be able to authenticate with users+passwords from blueRealm.

That's not very elegant at least not ATM as we would end up duplicating the users in the DB.
 

Marek



Simply displaying a different theme per-client just doesn't make any sense at all. Users log-in to a SSO realm, not an individual client. So I'm against adding something like that unless we add the ability to log-in to clients or groups of clients individually.

On 18 December 2015 at 03:08, Raghuram Prabhala <prabhalar@yahoo.com> wrote:
Pe

It depends upon the application that the user accesses. We have several scenarios where the same set of users login to different applications in different divisions, some internet facing that have a totally different look from our intranet ones and it also depends upon whether the applications look for multi factor authentication as well.

This is a very common scenario - We typically have different themes presented to the users based on what the client applications request (different themes can be requested utilizing different http parameters)

Perhaps we can define different realms for different themes but it becomes very cumbersome




From: Stian Thorgersen <sthorger@redhat.com>
To: Raghuram Prabhala <prabhalar@yahoo.com>
Cc: Revanth Ayalasomayajula <revanth@arvindinternet.com>; keycloak-user <keycloak-user@lists.jboss.org>
Sent: Thursday, December 17, 2015 9:28 AM

Subject: Re: [keycloak-user] Different theme for each client



On 17 December 2015 at 14:44, Raghuram Prabhala <prabhalar@yahoo.com> wrote:
Stian - Even we have a similar requirement of having different themes, but for different divisions within the firm. Some of them have additional functionality of changing even the password. Can you suggest some way of achieving the above functionality considering that all the other functionality is the same for all divisions?

Not actually sure what you mean here. It just doesn't make sense to show a user two login pages that look different (and possible have different things enabled/disable) if they use the same realm and SSO session.
 

Thanks,
Raghu


From: Stian Thorgersen <sthorger@redhat.com>
To: Revanth Ayalasomayajula <revanth@arvindinternet.com>
Cc: keycloak-user <keycloak-user@lists.jboss.org>
Sent: Thursday, December 17, 2015 8:05 AM
Subject: Re: [keycloak-user] Different theme for each client

Having different clients login to the same SSO realm with different branded login pages just doesn't make sense. If we add the concept of a SSO domain/zone or something within a realm, where a group of clients have separate themes and SSO session that would make sense.

On 15 December 2015 at 12:14, Revanth Ayalasomayajula <revanth@arvindinternet.com> wrote:
+1 for this feature.

On Tue, Dec 15, 2015 at 4:39 PM, Helder dos S. Alves <helder.jaspion@gmail.com> wrote:
Hi.

I need to have a different theme for each of the clients of a realm.
If a user came from one client, I have to show a keycloak page with the logo and skin of that client.
Is it possible with Keycloak? How?

Thanks in advance.


Helder S. Alves

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user








_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user