[keycloak-user] SSO between apps with different protocol

Stian Thorgersen sthorger at redhat.com
Thu Jun 2 13:22:49 EDT 2016


On 2 June 2016 at 15:06, Rafael T. C. Soares <rsoares at redhat.com> wrote:

>
> ___
> Rafael T. C. Soares
>
> On 06/02/2016 02:43 AM, Stian Thorgersen wrote:
>
>
>
> On 2 June 2016 at 04:13, Rafael T. C. Soares <rsoares at redhat.com> wrote:
>
>> Hi!
>>
>> Please ignore my last question.
>>
>> It worked fine. Keycloak checks the existence of a Session for the user
>> logged in the first app. Obviously the SSO will happen if I try to access
>> the other app using the same Browser Session. Additionally I suppose  both
>> apps have to be under the same realm. Makes sense?
>>
>
> Yes, the SSO session is bound to one realm and browser session
>
>
>>
>> BTW, is it possible to disable Single Sign out for a specific client app?
>>
>
> Not sure what you mean about disabling single sign out? Do you want to
> client to have access after the user has logged-out? If so you can use
> offline tokens if you are using OpenID Connect
>
> For example In my scenario If the user logout from the second app (sharing
> the same browser session and realm) it should be logged out only from that
> app (2nd). But should remain logged in the 1st one. Does it makes sense? Is
> that possible?
>

Not really. It's SSO and all apps are using the same SSO session. In either
case it's not really supported.


>
>
>
>>
>> ___
>> Rafael T. C. Soares
>>
>> On 06/01/2016 07:26 PM, Rafael T. C. Soares wrote:
>>
>> Hi!
>>
>> I have one common realm (eg: demo-realm) with two client apps under it:
>>
>>  - 1st app using SAML protocol - hosted in app srv 1 (tomcat)
>>  - 2nd app using Keycloak default OpenID Connect - hosted in app srv 2
>> (JBoss EAP)
>>
>> What I need to do in order to enable SSO between these both apps?
>>
>> I tried log in in the 1st one and them tried to access the 2nd one, but
>> the SSO does not works :-/
>>
>> --
>> ___
>> Rafael T. C. Soares
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160602/2628f715/attachment-0001.html 


More information about the keycloak-user mailing list