I understand that deploying 3 clients under one realm will easily enable SSO. Even if we
keep the clients in different realms, cross-realm trust can be established. But the use
case of our prototype wants the clients to be on different servers. I’ll try to explain as
best as I can.
Our company has 3 products deployed independently, and these are managed by different
administrators. Sometimes these have to be integrated with each other for a seamless
cross-product experience, at which time we would want SSO between the individual product UIs. We
intend to use Keycloak as a broker for authentication and to achieve SSO. So that’s why I
wanted to know if trust between two standalone Keycloak instances can be established.
Also, if we deploy the domain controller, can there still be local settings on the
different Keycloak instances?
Thanks,
Aditya

On 7/15/19, 12:25 PM, "keycloak-user-bounces(a)lists.jboss.org on behalf of Stan Silvert" <keycloak-user-bounces(a)lists.jboss.org on behalf of ssilvert(a)redhat.com> wrote:
Why do you need each to have its own Keycloak instance? A usual setup
would define all three clients in the same realm under the same Keycloak
instance.

On 7/15/2019 1:23 PM, Aditya Bhole wrote:
Hello,
I’m new to Keycloak and building a prototype SSO framework for my company. The use case
is that my company has 3 clients: A, B and C. Now each client is going to have its own
Keycloak instance: KA, KB and KC. Now what I want is that when I log in through client A, I
should be logged into clients B and C as well. And the same goes for all the clients. So for
this to happen, is there a way of establishing trust between these three Keycloak
instances KA, KB and KC?
I’ve successfully established an SSO by using KA as a broker and KB as an IDP. But this
is only a master-slave kind of architecture. When I log in to A, I’m automatically
logged into B. But if I log into B, I won’t be automatically logged into A. Is it possible
for KA to be a broker for KB and KB to be a broker for KA at the same time?
TL;DR:
Is there a way where Keycloak only acts as a broker and trust is established between
multiple such Keycloak instances?
I hope my question makes sense. Please point me in the right direction if I’m looking at
this in the wrong way.
Thanks,
Aditya
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user