Hi,
just a quick update in case any of you have some hints to share.
I am trying to use the "impersonate" REST API in order to get a fresh token
for the user I want to use in my application.
By using the following curl command I am able to get this new token for my
"target" user:
curl --verbose -X POST "http://<host>/auth/realms/master/protocol/openid-connect/token" \
  --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
  --data-urlencode "requested_token_type=urn:ietf:params:oauth:token-type:access_token" \
  -d "requested_subject=${USER_ID}" \
  -d "audience=${TARGET_CLIENT}" \
  -d "client_id=${SOURCE_CLIENT}" \
  -d "subject_token=${TKN}"
but it is not enough, because to fully impersonate the user in my web
application I need a fresh JSESSIONID. By getting the JSESSIONID I can store
it as a cookie and in this way I can skip the Keycloak login page.
Is the token meant to be used only in the REST API? Am I missing something?
thanks for any help,
Emanuele
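[Editor's added example, not part of Emanuele's message or of Keycloak's own code.] The curl command above does two things worth making explicit: it builds a token-exchange request, and it returns an access token whose claims the caller should inspect before relying on it. The Python below reproduces the same form body the curl sends and then checks the returned JWT the way an application should: that "sub" is the requested user, that "aud" includes the target client, and that "exp" is in the future. It runs offline against a constructed, unsigned sample token; the host name, realm, client names, user id and the https scheme are assumptions, and the sample token is constructed for the demo only. Keycloak signs its tokens, so in a real deployment the signature must be verified against the realm's keys before any of these claims are trusted; the check here is the claim-level part only.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Constants taken from the token-exchange request shown in the thread.
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_request(host, realm, source_client, subject_token,
                           requested_subject, target_client):
    """Return (url, form_body) equivalent to the curl command in the thread.

    The body is form-encoded exactly as curl's --data-urlencode / -d would
    encode it. The https scheme is an assumption (the thread uses http://<host>).
    """
    url = f"https://{host}/auth/realms/{realm}/protocol/openid-connect/token"
    body = urlencode({
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "requested_token_type": ACCESS_TOKEN_TYPE,
        "requested_subject": requested_subject,
        "audience": target_client,
        "client_id": source_client,
        "subject_token": subject_token,
    })
    return url, body


def _b64url_decode(segment):
    """Decode one base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(jwt):
    """Return the payload claims of a compact JWT (header.payload.signature)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def check_exchanged_token(jwt, expected_subject, expected_audience, now=None):
    """Return a list of problems with the exchanged token; an empty list passes.

    Verifies the token is for the requested subject, is scoped to the target
    client, and has not expired. It does NOT verify the signature: do that
    against the realm's published keys before trusting any claim.
    """
    claims = decode_claims(jwt)
    problems = []
    if claims.get("sub") != expected_subject:
        problems.append(f"sub is {claims.get('sub')!r}, expected {expected_subject!r}")
    aud = claims.get("aud", [])
    if isinstance(aud, str):  # a single audience is emitted as a plain string
        aud = [aud]
    if expected_audience not in aud:
        problems.append(f"aud {aud!r} does not include {expected_audience!r}")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if exp is None or exp <= now:
        problems.append(f"token expired or has no exp (exp={exp!r})")
    return problems


def make_unsigned_token(claims):
    """Build a constructed, unsigned JWT purely to feed sample data to the checker.

    Real Keycloak tokens are signed; an application must never accept an
    'alg: none' token like this one.
    """
    def seg(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."


if __name__ == "__main__":
    # Hypothetical names: host, realm, clients and user id are placeholders.
    url, body = build_exchange_request("keycloak.example", "master", "source-client",
                                       "<subject-access-token>", "user-123", "target-client")
    print(url)
    print(body)
    sample = make_unsigned_token({"sub": "user-123", "aud": "target-client",
                                  "azp": "source-client", "exp": int(time.time()) + 300})
    print(check_exchanged_token(sample, "user-123", "target-client"))
```

The audience check is the one most often skipped: a token obtained for one client but presented to another is exactly what the "audience" parameter of the exchange is meant to prevent, so the receiving application should insist on seeing itself in "aud" rather than accepting any token signed by the realm.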
From: Luis Rodríguez Fernández <uo67113(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Date: 13/04/2018 17:26
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
Hello Emanuele,
You are welcome, sorry for not being more helpful.
I must admit that I did not try OpenID for any of my services.
I do believe that you could drop that question on the OpenID support
forum:
https://getsatisfaction.com/openid
Hope it helps,
Luis
2018-04-12 15:49 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>:
Hi Luis,
thank you very much for your support, I really appreciate it.
Do you think it would be possible if we use OpenID instead of SAML?
Can we share some token in order to "share" authentication among different
clients?
Thanks,
Emanuele
From: Luis Rodríguez Fernández <uo67113(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Date: 11/04/2018 18:59
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
Hello Emanuele,
Please, forget about the servlet filter; at the beginning I thought that
the "client-server application developed in Java" was not using any
Keycloak adapter, sorry for the confusion.
No, SAML does not provide a token that you can share between different
clients.
You could think about sharing the cookies between the browser and the
"client-server" app, but this is a horrible hack. I would warn you to avoid
this way :)
Me, personally, I would explore these two options:
a) A dedicated browser that automatically uses the Windows/Kerberos
credentials of the logged-in user.
b) Let the dedicated browser redirect the user to the IdP login page. Yes,
users have to authenticate, but it will save you a lot of headache...
If you are using Chrome there are extensions that apparently let you share
sessions between devices (
https://chrome.google.com/webstore/detail/sessionbox-free-multi-log/megbklhjamjbcafknkgmokldgolkdfig
).
You can give it a try, but honestly, I do not like that option very much...
Cheers,
Luis
2018-04-06 18:38 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>:
> Hi Luis,
>
> thanks for your feedback.
>
> Is there any way to use some access token in order to identify the current
> user?
>
> Let me recap.
> I have a web application and a "desktop" application. They are both
> different, but they share the same set of users and they are both in the
> same Keycloak realm.
> When the user is logged in to the web application I would like to trigger
> some authentication mechanism in order to let the user be automatically
> logged in when he opens the desktop application.
>
> I am using Keycloak 3.4.3 with the tomcat7 adapter. Both the web application
> and the server-side application of the "desktop" one use tomcat7 as the
> servlet container (but they are different instances). Of course the Keycloak
> server is the same for both.
>
> I am not sure how a servlet filter can help me solve this issue ... as I
> am using the standard tomcat7 Keycloak adapter.
>
> Thanks for any help,
> Emanuele
>
> From: Luis Rodríguez Fernández <uo67113(a)gmail.com>
> To: Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>
> Date: 06/04/2018 17:28
> Subject: Re: [keycloak-user] SSO in web and desktop application
>
>
>
> Hello Emanuele,
>
> OK, I see. So if I understand correctly you have "converted" your webapp
> into a desktop application using something like this
> https://applicationize.me/ in a dedicated browser with some restrictions.
>
> The problem here is that you are requesting the application from a
> completely different client; it would be the same if you open an incognito
> window in your browser after logging in to siteA.
>
> I have done a quick test with one of our SAML applications and I am
> redirected to the login page of our SSO. After authentication the app
> works perfectly fine.
>
> Perhaps you could try to configure that dedicated browser to automatically
> use the Windows/Kerberos credentials of the logged-in user...
>
> Cheers,
>
> Luis
>
> ps: the servlet filter can work in any servlet container. I am
> successfully using it in tomcat 9 :)
>
> 2018-04-06 12:38 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>:
> sorry for my email issue
> *****************
>
> Hi there,
>
> client-server app is a browser application where we are using the
> keycloak-saml tomcat7 adapter.
>
> Your link refers to a java servlet application that doesn’t have an
> adapter for that servlet platform.
>
> Am I missing something in your answer ?
>
> thanks,
>
>
> Emanuele Gesuato
> Software specialist
>
>
> Mobile: +39 335 757 3556 | Email: emanuele.gesuato(a)finantix.com |
> skype: emanuelegesuato_work
>
>
> From: Subodh Joshi <subodhcjoshi82(a)gmail.com>
> To: Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>
> Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
> Date: 06/04/2018 12:11
> Subject: Re: [keycloak-user] SSO in web and desktop application
> Sent by: keycloak-user-bounces(a)lists.jboss.org
>
>
>
> Emanuele Gesuato, looks like some issue with your email client/server.
>
> On Fri, Apr 6, 2018 at 3:21 PM, Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com> wrote:
>
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Subodh Chandra Joshi
> subodh1_joshi82(a)yahoo.co.in
> http://www.trendsinnews.com
>
> --
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> - Samuel Beckett