[keycloak-user] Different theme for each client

Marek Posolda mposolda at redhat.com
Fri Dec 18 03:44:20 EST 2015 

On 18/12/15 09:39, Stian Thorgersen wrote:
>
>
> On 18 December 2015 at 09:35, Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>> wrote:
>
>     On 18/12/15 08:23, Stian Thorgersen wrote:
>>     The best solution to that is either the ability to share users
>>     between realms or more likely the ability to define a SSO group
>>     within a realm. Each SSO group would have independent SSO
>>     sessions and could also have separate themes associated with it.
>>     It's not something we have resources for right now though.
>     I wonder if we can have something like
>     "different-realm-user-federation-provider" ? We had something like
>     this in the early days of Keycloak.
>
>     For example, if you have 2 realms "blueRealm" and "greenRealm" .
>     The greenRealm will have defined federation provider, which will
>     delegate retrieving users to blueRealm. Then all applications
>     configured against greenRealm will see green login screen, but
>     they will be able to authenticate with users+passwords from
>     blueRealm.
>
>
> That's not very elegant at least not ATM as we would end up 
> duplicating the users in the DB.
Yeah. Once we address in-memory federation, it's going to be better 
though. Might be easier then introduce brand new concept of SSO groups 
within realm.

Marek
>
>
>     Marek
>
>
>>
>>     Simply displaying a different theme per-client just doesn't make
>>     any sense at all. Users log-in to a SSO realm, not an individual
>>     client. So I'm against adding something like that unless we add
>>     the ability to log-in to clients or groups of clients individually.
>>
>>     On 18 December 2015 at 03:08, Raghuram Prabhala
>>     <prabhalar at yahoo.com <mailto:prabhalar at yahoo.com>> wrote:
>>
>>         Pe
>>
>>         It depends upon the application that the user accesses. We
>>         have several scenarios where the same set of users login to
>>         different applications in different divisions, some internet
>>         facing that have a totally different look from our intranet
>>         ones and it also depends upon whether the applications look
>>         for multi factor authentication as well.
>>
>>         This is a very common scenario - We typically have different
>>         themes presented to the users based on what the client
>>         applications request (different themes can be requested
>>         utilizing different http parameters)
>>
>>         Perhaps we can define different realms for different themes
>>         but it becomes very cumbersome
>>
>>
>>
>>         ------------------------------------------------------------------------
>>         *From:* Stian Thorgersen <sthorger at redhat.com
>>         <mailto:sthorger at redhat.com>>
>>         *To:* Raghuram Prabhala <prabhalar at yahoo.com
>>         <mailto:prabhalar at yahoo.com>>
>>         *Cc:* Revanth Ayalasomayajula <revanth at arvindinternet.com
>>         <mailto:revanth at arvindinternet.com>>; keycloak-user
>>         <keycloak-user at lists.jboss.org
>>         <mailto:keycloak-user at lists.jboss.org>>
>>         *Sent:* Thursday, December 17, 2015 9:28 AM
>>
>>         *Subject:* Re: [keycloak-user] Different theme for each client
>>
>>
>>
>>         On 17 December 2015 at 14:44, Raghuram Prabhala
>>         <prabhalar at yahoo.com <mailto:prabhalar at yahoo.com>> wrote:
>>
>>             Stian - Even we have a similar requirement of having
>>             different themes, but for different divisions within the
>>             firm. Some of them have additional functionality of
>>             changing even the password. Can you suggest some way of
>>             achieving the above functionality considering that all
>>             the other functionality is the same for all divisions?
>>
>>
>>         Not actually sure what you mean here. It just doesn't make
>>         sense to show a user two login pages that look different (and
>>         possible have different things enabled/disable) if they use
>>         the same realm and SSO session.
>>
>>
>>             Thanks,
>>             Raghu
>>
>>             ------------------------------------------------------------------------
>>             *From:* Stian Thorgersen <sthorger at redhat.com
>>             <mailto:sthorger at redhat.com>>
>>             *To:* Revanth Ayalasomayajula <revanth at arvindinternet.com
>>             <mailto:revanth at arvindinternet.com>>
>>             *Cc:* keycloak-user <keycloak-user at lists.jboss.org
>>             <mailto:keycloak-user at lists.jboss.org>>
>>             *Sent:* Thursday, December 17, 2015 8:05 AM
>>             *Subject:* Re: [keycloak-user] Different theme for each
>>             client
>>
>>             Having different clients login to the same SSO realm with
>>             different branded login pages just doesn't make sense. If
>>             we add the concept of a SSO domain/zone or something
>>             within a realm, where a group of clients have separate
>>             themes and SSO session that would make sense.
>>
>>             On 15 December 2015 at 12:14, Revanth Ayalasomayajula
>>             <revanth at arvindinternet.com
>>             <mailto:revanth at arvindinternet.com>> wrote:
>>
>>                 +1 for this feature.
>>>>
>>                 On Tue, Dec 15, 2015 at 4:39 PM, Helder dos S. Alves
>>                 <helder.jaspion at gmail.com
>>                 <mailto:helder.jaspion at gmail.com>> wrote:
>>
>>                     Hi.
>>
>>                     I need to have a different theme for each of the
>>                     clients of a realm.
>>                     If a user came from one client, I have to show a
>>                     keycloak page with the logo and skin of that client.
>>                     Is it possible with Keycloak? How?
>>
>>                     Thanks in advance.
>>
>>
>>                     Helder S. Alves
>>
>>                     _______________________________________________
>>                     keycloak-user mailing list
>>                     keycloak-user at lists.jboss.org
>>                     <mailto:keycloak-user at lists.jboss.org>
>>                     https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>>                 _______________________________________________
>>                 keycloak-user mailing list
>>                 keycloak-user at lists.jboss.org
>>                 <mailto:keycloak-user at lists.jboss.org>
>>                 https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>>             _______________________________________________
>>             keycloak-user mailing list
>>             keycloak-user at lists.jboss.org
>>             <mailto:keycloak-user at lists.jboss.org>
>>             https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>>
>>
>>
>>
>>
>>     _______________________________________________
>>     keycloak-user mailing list
>>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151218/36d6adb6/attachment-0001.html

More information about the keycloak-user mailing list