[keycloak-user] Theming applications by customers

Hartmut Benz h.benz at first8.nl
Wed Mar 15 04:08:17 EDT 2017


Hi Nicolas,

I think we have done something quite similar that you could try if it 
matches your use case. We have different clients that we map to 
different realms (from your description I did not quite get if you can 
or cannot do that). Then we modified 
PathBasedKeycloakConfigResolver.java from the KC examples and turned it 
into a DomainBased config resolver that selects the correct KC config. 
In your example this would be the blue and the green KC-config, matching 
the blue and green realms, respectively. The realms are configured for 
the customer-specific blue and green themes, which both inherit from the 
general application theme.

Hope that helps you further
/Hartmut


On 10/03/2017 15:02, Nicolas Gillet wrote:
> Hello Stian
>
> Thank you for the quick reply.
>
> I saw that issue when google-ing about Keycloak theming.
>
> It would indeed be helpful for us but doesn’t fully fit our need.
>
> Some of our customers use several applications of ours. For each application, they currently have a separate account. (cumbersome for them)
> For these customers, we create branding of our applications, these branding are then also replicated in the different applications (cumbersome for us)
>
> I think an example may be helpful
> Let’s say we have a blue customer and a green customer as well as an app1 and an app2.
>
> Our blue customer will use www.app1.blue.com<http://www.app1.blue.com> and www.app2.blue.com<http://www.app2.blue.com>
> Our green customer will use www.app1.green.com<http://www.app1.green.com> and www.app2.green.com<http://www.app2.green.com>
>
> Both app1.blue.com and app1.green.com are the very same application “app1” (same IP, same server, same database)
> Same goes for app2.blue.com and app2.green.com that are the very same application “app2” (IP, server, DB) separated from “app1”
>
> The login pages of the applications are aware that the domain is “green” or “blue” and then display a blue or green branding.
>
> With Keycloak “app1” and “app2” will be “clients” in a realm (as far as I understand it).
>
> To be able to display the correct color to the correct customer, I see no other solutions than creating a “blue” and a “green” realm (+theme) duplicating the configuration of clients “app1” and “app2” in both realms.
>
> So, I was wondering if there exists a way in Keycloak to avoid this duplication and still offer unified branding across different applications.
>
> Kind regards,
>
>
> Nicolas GILLET
>
> Market-IP – Creating Mobile Intelligence
> Phone : +32 81 33 11 11
> Fax : +32 81 33 11 10
>
> De : Stian Thorgersen [mailto:sthorger at redhat.com]
> Envoyé : vendredi 10 mars 2017 13:54
> À : Nicolas Gillet <nicolas.gillet at market-ip.com>
> Cc : keycloak-user at lists.jboss.org
> Objet : Re: [keycloak-user] Theming applications by customers
>
> Would https://issues.jboss.org/browse/KEYCLOAK-3370 do the trick?
>
> On 10 March 2017 at 13:39, Nicolas Gillet <nicolas.gillet at market-ip.com<mailto:nicolas.gillet at market-ip.com>> wrote:
> Hello,
>
> I am looking for an SSO solution and started playing around with Keycloak.
> We currently have no SSO solution but it has become a need that our application can seamlessly interact.
>
> Our customers have "branding" requirement so we adapt the look of our application pages (including login pages) with their logo and colors.
> For some customers, we use a cookie to know which branding they need, for others we have dedicated domain names pointing to the very same IP's.
>
> >From what I grasped of Keycloak, this branding can be achieved with "themes" that can be configured on "realms".
> Configuring a realm seems to require quite some time and if we have an important number of branded customer this might become hard to maintain.
> Also, the "topology" of our application (which are "clients" in Keycloak I think) remains the same for all customers of ours but as a "client" belongs to a single "realm" we'll have to duplicate this configuration and propagate the changes to any realm.
>
> So, I am wondering if Keycloak can fit our need of if I don't get it correctly.
>
> If someone could be kind enough to shed some light on this for me or point me toward a way to achieve our goal I'd be very thankful.
>
> Kind regards,
>
> Nicolas GILLET
>
> Market-IP - Creating Mobile Intelligence
> Phone : +32 81 33 11 11<tel:%2B32%2081%2033%2011%2011>
> Fax : +32 81 33 11 10<tel:%2B32%2081%2033%2011%2010>
> www.market-ip.com<http://www.market-ip.com><http://www.market-ip.com/> - www.telefleet.com<http://www.telefleet.com><http://www.telefleet.com/> - www.geoplanning.net<http://www.geoplanning.net><http://www.geoplanning.net/> - www.drivexpert.net<http://www.drivexpert.net><http://www.drivexpert.net/>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Dr. Hartmut Benz                                   +31 (0)6  30 167 093
First8 B.V.                 Kerkenbos 10-59b       +31 (0)24 34 835 70
www.first8.nl               6546BB Nijmegen        h.benz at first8.nl



More information about the keycloak-user mailing list