8:49 a.m.
Hi Luis,
thank you very much for your support, I really appreciate.
Do you think it would be possible if we use openId instead of saml ?
Can we share some token in order to "share" authentication among different
clients ?
Thanks,
Emanuele
From: Luis Rodríguez Fernández <uo67113(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Date: 11/04/2018 18:59
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
Hello Emanuele,
Please, forget about the servlet filter, at the beginning I thought that
the "client-server application developed in java" was not using any
keycloak adaptor, sorry for the confusion.
No, SAML does not provide a token that you can share between different
clients.
You could think about share the cookies between the browser and the
"client-server" app, but this is a horrible hack. I would warn you to
avoid
this way :)
Me, personally I would explore these two options:
a) Dedicated browser to automatically use the windows/kerberos credentials
of the logged user.
b) Let the dedicated browser redirect the user to the IdP login page. Yes,
users has to authenticate, but it will save you a lot of headache...
If you are using chrome there are extensions that apparently let you share
sessions between devices (
https://chrome.google.com/webstore/detail/sessionbox-free-multi-log/megbk...
).
You can give it a try, but me honestly, I do not like that option very
much...
Cheers,
Luis
2018-04-06 18:38 GMT+02:00 Emanuele Gesuato
<Emanuele.Gesuato(a)finantix.com>:
Hi Luis,
thanks for your feedback.
Is there any way to use some access token in order to identify the
current
user ?
let me recap.
I have a web application and a "desktop" application they are both
different but they share the same set of users and they are both in the
same keycloak realm.
When user is logged to web application I would like to trigger some
authentication mechanism in order to let user automatically logged when
he
opens the desktop application.
I am using keycloak 3.4.3 with tomcat7 adapter. Both the web application
and the server side application of the "desktop" one uses tomcat7 as
servlet container (but they are different instances). Of course keycloak
server is the same for both.
I am not sure how a servlet filter can help me solve this issue ... as
I
am using the standard tomcat7 keycloak adapter.
Thanks for any help,
Emanuele
From: Luis Rodríguez Fernández <uo67113(a)gmail.com>
To: Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>
Date: 06/04/2018 17:28
Subject: Re: [keycloak-user] SSO in web and desktop application
Hello Emanuele,
OK, I see. So if I understand correctly you have "converted" your webapp
in a desktop application using something like this
https://applicationize.me/ in a dedicated browser with some
restrictions.
The problem here is that you are requesting the application from a
completely different client, it would be the same if you open an
incognito
window in your browser after login in the siteA.
I have done a quick test with one of our SAML applications and I am
redirected to the login page of our SSO. After authentication the app
works perfectly fine.
Perhaps you could try to configure that dedicated browser to
automatically
use the windows/kerberos credentials of the logged user...
Cheers,
Luis
ps: the servlet filter can work in any servlet container. I am
successfully using it in tomcat 9 :)
2018-04-06 12:38 GMT+02:00 Emanuele Gesuato
<Emanuele.Gesuato(a)finantix.com
>:
sorry for my email issue
*****************
Hi there,
client-server app is a browser application where we are using the
keycloak-saml tomcat7 adapter.
Your link refers to a java servlet application that doesn’t have an
adapter for that servlet platform.
Am I missing something in your answer ?
thanks,
Emanuele Gesuato
Software specialist
Mobile: +39 335 757 3556 | Email: emanuele.gesuato(a)finantix.com | skype:
emanuelegesuato_work
CONFIDENTIALITY NOTICE - The information contained in this communication
is intended solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may contain
confidential
or legally privileged information. If you are not the intended
recipient
you are hereby notified that any disclosure, copying, distribution or
taking any action in reliance on the contents of this information is
strictly prohibited and may be unlawful. If you have received this
communication in error, please notify us immediately by responding to
this
email and then delete it from your system. Finantix is neither liable
for
the proper and complete transmission of the information contained in
this
communication nor for any delay in its receipt.
From: Subodh Joshi <subodhcjoshi82(a)gmail.com>
To: Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Date: 06/04/2018 12:11
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
Emanuele Gesuato Look like some issue with your email client/server.
On Fri, Apr 6, 2018 at 3:21 PM, Emanuele Gesuato <
Emanuele.Gesuato(a)finantix.com> wrote:
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Subodh Chandra Joshi
subodh1_joshi82(a)yahoo.co.in
http://www.trendsinnews.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail
better."
- Samuel Beckett
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user