[keycloak-user] Single Sign On without browser redirect.

Laghuvaram, Raghu RLaghuvaram at contractor.lb.com
Wed Nov 9 14:47:19 EST 2016

I have two applications, App1 and App2 (both are on different servers and both have different branding), and I want to achieve single sign-on using Keycloak. I have a few concerns:

  1.  I want to make use of our own login/sign-in pages residing in App1 and App2 rather than redirecting to the Keycloak login page, and post the request to Keycloak similar to org.keycloak.testsuite.util.OAuthClient#doGrantAccessTokenRequest. I am successful in getting an AccessToken in App1, but how can I achieve SSO with App2 in this scenario?
  2.  If I can't have the login pages on my apps, then can I have multiple login themes, in such a way that I can have a different theme per app (per client)? Right now I see that I can have only one theme per realm.
  3.  I have native mobile apps for these two apps, so I need to make sure my architecture supports login through native apps as well.
  4.  Currently I am using the Java Servlet Filter Adapter to make use of Keycloak. I gave my secured pages' URL (/secured/*) to the KeycloakOIDCFilter, and for the non-secured pages in my application (where the URL is "/*") I have added another filter to refresh the token using "refreshableKeycloakSecurityContext.refreshExpiredToken(true);". This works perfectly when I am using the HttpSession, but when I make it stateless by using the cookie token store, then I can't get hold of refreshableKeycloakSecurityContext without replicating the HttpSession across multiple instances of my web servers. If this is not the right way, then how can I maintain the session with the IdP from my non-secured pages?

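Added example (not part of the post above or of Keycloak's own code): the two token-endpoint exchanges that items 1 and 4 describe, the direct access grant that org.keycloak.testsuite.util.OAuthClient#doGrantAccessTokenRequest performs and the refresh_token grant that refreshExpiredToken(true) relies on, written as a small Python client that keeps the token set itself instead of in an HttpSession. The Keycloak base URL https://sso.example.com, the realm "demo", the client "app1" with its secret, and the fake token endpoint used to run it offline are all assumptions. Two caveats for anyone copying the design: a direct grant hands the user's password to App1 and App2 and is a back-channel call, so the user's browser never gets a Keycloak session cookie and the second app gains no single sign-on from it; and the JWT decoding below only reads `exp` to schedule a refresh, it does not verify the signature, so nothing it returns may be used for authorization.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

KEYCLOAK_BASE = "https://sso.example.com"  # assumed, not from the post
REALM = "demo"                              # assumed
LEEWAY_SECONDS = 30                         # refresh shortly before exp, not after


def token_endpoint(base_url, realm):
    """Keycloak's OIDC token endpoint for a realm."""
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"


def password_grant_form(client_id, client_secret, username, password):
    """Form body of the direct access grant (client needs 'Direct Access Grants Enabled')."""
    return {"grant_type": "password", "client_id": client_id,
            "client_secret": client_secret, "username": username, "password": password}


def refresh_grant_form(client_id, client_secret, refresh_token):
    """Form body that renews an expired access token with the refresh token."""
    return {"grant_type": "refresh_token", "client_id": client_id,
            "client_secret": client_secret, "refresh_token": refresh_token}


def http_post_form(url, form):
    """Real transport: urlencoded POST; Keycloak answers with a JSON token set."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def unverified_claims(jwt):
    """Decode the JWT payload WITHOUT checking the signature: only for reading exp."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_expired(access_token, leeway=LEEWAY_SECONDS, now=None):
    """True when the token's exp is within `leeway` seconds of now (epoch seconds)."""
    now = time.time() if now is None else now
    return unverified_claims(access_token)["exp"] - leeway <= now


class DirectGrantSession:
    """Token set for one user. The refresh token, not an HttpSession, is the
    state, so any server instance holding it can renew the access token."""

    def __init__(self, url, client_id, client_secret, post=http_post_form):
        self.url, self.client_id, self.client_secret, self.post = url, client_id, client_secret, post
        self.tokens = None
        self.refresh_count = 0

    def login(self, username, password):
        self.tokens = self.post(self.url, password_grant_form(
            self.client_id, self.client_secret, username, password))
        return self.tokens["access_token"]

    def access_token(self, now=None):
        """Return a live access token, refreshing first if it is (nearly) expired."""
        if is_expired(self.tokens["access_token"], now=now):
            self.tokens = self.post(self.url, refresh_grant_form(
                self.client_id, self.client_secret, self.tokens["refresh_token"]))
            self.refresh_count += 1
        return self.tokens["access_token"]


# --- constructed, offline stand-ins; signature segment is a placeholder ---
def fake_jwt(exp):
    header = base64.urlsafe_b64encode(b'{"alg":"none"}').rstrip(b"=").decode()
    body = base64.urlsafe_b64encode(json.dumps({"sub": "alice", "exp": exp}).encode()).rstrip(b"=").decode()
    return f"{header}.{body}.sig"


def fake_keycloak(url, form):
    """Constructed token endpoint: password grant -> token expiring at t=1000,
    refresh of r1 -> token expiring at t=2000, anything else -> invalid_grant."""
    if form["grant_type"] == "password":
        return {"access_token": fake_jwt(1000), "refresh_token": "r1", "token_type": "bearer"}
    if form["grant_type"] == "refresh_token" and form["refresh_token"] == "r1":
        return {"access_token": fake_jwt(2000), "refresh_token": "r2", "token_type": "bearer"}
    raise ValueError("invalid_grant")


def demo():
    s = DirectGrantSession(token_endpoint(KEYCLOAK_BASE, REALM), "app1", "secret", post=fake_keycloak)
    s.login("alice", "pw")
    first = s.access_token(now=500)    # valid at t=500, served as-is
    second = s.access_token(now=990)   # inside the 30 s leeway, refreshed first
    return first, second, s.refresh_count


if __name__ == "__main__":
    print(demo())
```

Swapping `fake_keycloak` for the default `http_post_form` turns this into a real client; in production the refresh token must be stored server-side or in an encrypted, HttpOnly cookie, since whoever holds it can mint access tokens until the Keycloak SSO session expires.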