[keycloak-user] set session cookie domain?

keycloak-user.myq at xoxy.net keycloak-user.myq at xoxy.net
Mon Oct 26 10:21:58 EDT 2015

My goal is to have several web services (which reside at sub1.domain.com,
sub2.domain.com, etc.) all redirect users to auth.domain.com for login.
When a user is logged in and visits one of the web services, the web
service should be able to get the user's identity from a claim signed by
the authentication service (keycloak). The only way I know of to do this is
to pass a claim in a cookie.

Ideally, the web service should be able to verify the identity claim
without needing to emit an HTTP request to the auth service (by verifying
the signature against the realm's public key).

Is keycloak the right choice for this? and if not, do you have any

On Mon, Oct 26, 2015 at 9:49 AM, Marek Posolda - mposolda at redhat.com <
keycloak-user.myq.aa3199607d.mposolda#redhat.com at ob.0sg.net> wrote:

> This doesn't seem to be supported. Question is why you need it? All the
> cookies like KEYCLOAK_IDENTITY are set by keycloak server and it's just the
> keycloak server, which is supposed to read them.
> Marek
> On 26/10/15 14:26, keycloak-user.myq at xoxy.net wrote:
> Hello. How can I set the domain of session cookies?
> I want to run keycloak at auth.mydomain.com and get the session cookies
> (for SSO) at other subdomains of mydomain.com.
> Browsers will allow sub.domain.com to set cookies for domain.com, but I
> can't figure out how to get Keycloak to do this.
> Thanks in advance!
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151026/d316fee5/attachment.html 

More information about the keycloak-user mailing list