[keycloak-user] Users spanning across realms

Bill Burke bburke at redhat.com
Fri Nov 7 16:02:57 EST 2014

Have one realm.  Have multiple applications, each defining their own 
role set.

On 11/7/2014 9:21 AM, Gary Brown wrote:
> Hi
> As mentioned in previous post, I'm looking at how to leverage KeyCloak within the Overlord governance projects.
> I can see how our web UIs and REST services could be defined within a single realm, with the appropriate roles, users and user/role mappings. However if we wanted to build some apps that made use of other JBoss projects, that also used KeyCloak, but with their own realms, then how would a user be defined to use our app that may at the backend need to call services provided by other projects/realms?
> Wondering whether the user concept needs to be defined outside of a realm, so that it could be assigned roles within a number of realms, allowing them to access the various apps in those different domains?
> More of a conceptual discussion, rather than an actual problem at this stage - was more curious how it could work, as not a security expert.
> Regards
> Gary
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-user mailing list