[keycloak-user] Multi realms approach
Michael Liebe
Michael.Liebe at ist.com
Sat Sep 30 02:55:18 EDT 2017
Hi,
We have a similar setup and achieve cross-realm authentication through an extra IdP instance (which is actually a requirement for us because the IdPs are owned by the customers). This adds of course an administrative overhead.
Realm selection is in our case done by setting a specific header on the reverse proxy. The realm name is hereby derived from the request url. Accordingly, we implemented a custom KeycloakConfigResolver that reads the realm name from the header.
I hope this helps,
Michael
On 2017-09-27, 14:14, "keycloak-user-bounces at lists.jboss.org on behalf of Matthias ANGLADE" <keycloak-user-bounces at lists.jboss.org on behalf of manglade at nextoo.fr> wrote:
Hi,
I'm currently working on a project with specific requirements. Actually
what we are trying to do is to setup a Keycloak in order to protect several
applications. Each of these applications will potentially have their own
set of webapps and micro-services. What we intended to do is to declare a
realm per app (and each component of the app would be a client within it's
own realm).
We need to setup some cross-realm features such as realm selection,
multi-realm authentication (i.e not being forced to re-login when switchin
from one realm to another).
I'm looking for advices or feedbacks in implementing such a case. Would you
have any ?
Yours,
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list