[keycloak-user] Users spanning across realms

Gary Brown gbrown at redhat.com
Fri Nov 7 09:21:31 EST 2014


As mentioned in a previous post, I'm looking at how to leverage Keycloak within the Overlord governance projects.

I can see how our web UIs and REST services could be defined within a single realm, with the appropriate roles, users and user/role mappings. However, if we wanted to build some apps that made use of other JBoss projects that also used Keycloak, but with their own realms, then how would a user be defined to use our app that may at the backend need to call services provided by other projects/realms?

Wondering whether the user concept needs to be defined outside of a realm, so that it could be assigned roles within a number of realms, allowing them to access the various apps in those different domains?

More of a conceptual discussion, rather than an actual problem at this stage - I was more curious how it could work, as I'm not a security expert.


