+1 for this feature. ᐧ On Tue, Dec 15, 2015 at 4:39 PM, Helder dos S. Alves < helder.jaspion(a)gmail.com&gt; wrote:

Stian - Even we have a similar requirement of having different themes, but for different divisions within the firm. Some of them have additional functionality of changing even the password. Can you suggest some way of achieving the above functionality considering that all the other functionality is the same for all divisions? Thanks,Raghu From: Stian Thorgersen <sthorger(a)redhat.com&gt; To: Revanth Ayalasomayajula <revanth(a)arvindinternet.com&gt; Cc: keycloak-user <keycloak-user(a)lists.jboss.org&gt; Sent: Thursday, December 17, 2015 8:05 AM Subject: Re: [keycloak-user] Different theme for each client Having different clients login to the same SSO realm with different branded login pages just doesn't make sense. If we add the concept of a SSO domain/zone or something within a realm, where a group of clients have separate themes and SSO session that would make sense. On 15 December 2015 at 12:14, Revanth Ayalasomayajula <revanth(a)arvindinternet.com&gt; wrote: +1 for this feature.ᐧ On Tue, Dec 15, 2015 at 4:39 PM, Helder dos S. Alves <helder.jaspion(a)gmail.com&gt; wrote: Hi. I need to have a different theme for each of the clients of a realm.If a user came from one client, I have to show a keycloak page with the logo and skin of that client.Is it possible with Keycloak? How? Thanks in advance. Helder S. Alves _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Pe It depends upon the application that the user accesses. We have several scenarios where the same set of users login to different applications in different divisions, some internet facing that have a totally different look from our intranet ones and it also depends upon whether the applications look for multi factor authentication as well. This is a very common scenario - We typically have different themes presented to the users based on what the client applications request (different themes can be requested utilizing different http parameters) Perhaps we can define different realms for different themes but it becomes very cumbersome From: Stian Thorgersen <sthorger(a)redhat.com&gt; To: Raghuram Prabhala <prabhalar(a)yahoo.com&gt; Cc: Revanth Ayalasomayajula <revanth(a)arvindinternet.com>; keycloak-user <keycloak-user(a)lists.jboss.org&gt; Sent: Thursday, December 17, 2015 9:28 AM Subject: Re: [keycloak-user] Different theme for each client On 17 December 2015 at 14:44, Raghuram Prabhala <prabhalar(a)yahoo.com&gt; wrote: Stian - Even we have a similar requirement of having different themes, but for different divisions within the firm. Some of them have additional functionality of changing even the password. Can you suggest some way of achieving the above functionality considering that all the other functionality is the same for all divisions? Not actually sure what you mean here. It just doesn't make sense to show a user two login pages that look different (and possible have different things enabled/disable) if they use the same realm and SSO session.  Thanks,Raghu From: Stian Thorgersen <sthorger(a)redhat.com&gt; To: Revanth Ayalasomayajula <revanth(a)arvindinternet.com&gt; Cc: keycloak-user <keycloak-user(a)lists.jboss.org&gt; Sent: Thursday, December 17, 2015 8:05 AM Subject: Re: [keycloak-user] Different theme for each client Having different clients login to the same SSO realm with different branded login pages just doesn't make sense. If we add the concept of a SSO domain/zone or something within a realm, where a group of clients have separate themes and SSO session that would make sense. On 15 December 2015 at 12:14, Revanth Ayalasomayajula <revanth(a)arvindinternet.com&gt; wrote: +1 for this feature.ᐧ On Tue, Dec 15, 2015 at 4:39 PM, Helder dos S. Alves <helder.jaspion(a)gmail.com&gt; wrote: Hi. I need to have a different theme for each of the clients of a realm.If a user came from one client, I have to show a keycloak page with the logo and skin of that client.Is it possible with Keycloak? How? Thanks in advance. Helder S. Alves _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

On 18/12/15 08:23, Stian Thorgersen wrote: I wonder if we can have something like "different-realm-user-federation-provider" ? We had something like this in the early days of Keycloak. For example, if you have 2 realms "blueRealm" and "greenRealm" . The greenRealm will have defined federation provider, which will delegate retrieving users to blueRealm. Then all applications configured against greenRealm will see green login screen, but they will be able to authenticate with users+passwords from blueRealm. Marek

On 18/12/15 09:39, Stian Thorgersen wrote: Yeah. Once we address in-memory federation, it's going to be better though. Might be easier then introduce brand new concept of SSO groups within realm. Marek

Perhaps the ideas below would work but I think it simply complicates things and not warranted as a single realm is what we are looking for. Based on what we saw in other commercial products, I am wondering why the themes/login pages can't be dynamically served by a Server component with everything else being the same. My apologies if I am overlooking something as I haven't really looked into the themes in KC. From: Marek Posolda <mposolda(a)redhat.com&gt; To: stian(a)redhat.com Cc: Raghuram Prabhala <prabhalar(a)yahoo.com>; keycloak-user <keycloak-user(a)lists.jboss.org&gt; Sent: Friday, December 18, 2015 3:44 AM Subject: Re: [keycloak-user] Different theme for each client On 18/12/15 09:39, Stian Thorgersen wrote: On 18 December 2015 at 09:35, Marek Posolda <mposolda(a)redhat.com&gt; wrote: On 18/12/15 08:23, Stian Thorgersen wrote: The best solution to that is either the ability to share users between realms or more likely the ability to define a SSO group within a realm. Each SSO group would have independent SSO sessions and could also have separate themes associated with it. It's not something we have resources for right now though. I wonder if we can have something like "different-realm-user-federation-provider" ? We had something like this in the early days of Keycloak. For example, if you have 2 realms "blueRealm" and "greenRealm" . The greenRealm will have defined federation provider, which will delegate retrieving users to blueRealm. Then all applications configured against greenRealm will see green login screen, but they will be able to authenticate with users+passwords from blueRealm. That's not very elegant at least not ATM as we would end up duplicating the users in the DB. Yeah. Once we address in-memory federation, it's going to be better though. Might be easier then introduce brand new concept of SSO groups within realm. Marek   Marek Simply displaying a different theme per-client just doesn't make any sense at all. Users log-in to a SSO realm, not an individual client. So I'm against adding something like that unless we add the ability to log-in to clients or groups of clients individually. On 18 December 2015 at 03:08, Raghuram Prabhala <prabhalar(a)yahoo.com&gt; wrote: Pe It depends upon the application that the user accesses. We have several scenarios where the same set of users login to different applications in different divisions, some internet facing that have a totally different look from our intranet ones and it also depends upon whether the applications look for multi factor authentication as well. This is a very common scenario - We typically have different themes presented to the users based on what the client applications request (different themes can be requested utilizing different http parameters) Perhaps we can define different realms for different themes but it becomes very cumbersome From: Stian Thorgersen <sthorger(a)redhat.com&gt; To: Raghuram Prabhala <prabhalar(a)yahoo.com&gt; Cc: Revanth Ayalasomayajula <revanth(a)arvindinternet.com>; keycloak-user <keycloak-user(a)lists.jboss.org&gt; Sent: Thursday, December 17, 2015 9:28 AM Subject: Re: [keycloak-user] Different theme for each client On 17 December 2015 at 14:44, Raghuram Prabhala <prabhalar(a)yahoo.com&gt; wrote: Stian - Even we have a similar requirement of having different themes, but for different divisions within the firm. Some of them have additional functionality of changing even the password. Can you suggest some way of achieving the above functionality considering that all the other functionality is the same for all divisions? Not actually sure what you mean here. It just doesn't make sense to show a user two login pages that look different (and possible have different things enabled/disable) if they use the same realm and SSO session.   Thanks, Raghu From: Stian Thorgersen <sthorger(a)redhat.com&gt; To: Revanth Ayalasomayajula <revanth(a)arvindinternet.com&gt; Cc: keycloak-user <keycloak-user(a)lists.jboss.org&gt; Sent: Thursday, December 17, 2015 8:05 AM Subject: Re: [keycloak-user] Different theme for each client Having different clients login to the same SSO realm with different branded login pages just doesn't make sense. If we add the concept of a SSO domain/zone or something within a realm, where a group of clients have separate themes and SSO session that would make sense. On 15 December 2015 at 12:14, Revanth Ayalasomayajula <revanth(a)arvindinternet.com&gt; wrote: +1 for this feature. ᐧ On Tue, Dec 15, 2015 at 4:39 PM, Helder dos S. Alves <helder.jaspion(a)gmail.com&gt; wrote: Hi. I need to have a different theme for each of the clients of a realm. If a user came from one client, I have to show a keycloak page with the logo and skin of that client. Is it possible with Keycloak? How? Thanks in advance. Helder S. Alves _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user