[keycloak-user] Help with SSO

Jorge M. jm85martins at gmail.com
Thu May 4 06:51:06 EDT 2017


Thank you all for the replies.

The "SSO" solution used on the other systems is an old custom in-house
solution based on tokens (inspired by OAuth but not properly compliant with
the spec).

One of the possibilities is to use Keycloak as the authentication provider in
all the systems. Here, probably we should use different realms as the scope
of the apps is different and also we want to use different login page
themes, etc.
So, is it possible to do SSO among different realms? How can we do that? Is
there any example?

Thank you,
JM

2017-05-04 7:15 GMT+01:00 Thomas Recloux <thomas at recloux.fr>:

>
> > > Hi,
>
> Hi,
>
> > > So..summing up:
> > > - System "A" is using Keycloak with a realm "RealmA" with multiple clients
> > > (modules) with SSO between them.
> > > - Other systems "B", "C" with their custom authentication and authorization
> > > - We are using a custom federation on Keycloak over the same users
> > > database that is shared among all the systems.
> > >
> > > What's the best practice to achieve SSO between all the systems?
> > > We are thinking about a proxy that detects if the user has a session on
> > > some of the other systems and if that is true, we programmatically create a
> > > session on Keycloak for a given (Is this possible with the API?).
>
> One possible solution could be to use Keycloak as the authentication
> system for systems B and C.
> You can maybe use the Apache module to proxy these apps and trigger the
> authentication workflow with Keycloak.
> https://keycloak.gitbooks.io/documentation/securing_apps/topics/oidc/mod-auth-openidc.html
>
> Thomas

