[keycloak-user] Multi realms approach

Stephen Henrie stephen at saasindustries.com
Sat Sep 30 13:34:21 EDT 2017


I am curious... how does this address the issue of requiring users to
re-login again to switch realms?

I ask, as this is a very common need and since the access token is specific
to a Keycloak realm, I don't see how this would address that situation
without Keycloak supporting "trusted realms".

Thanks
Stephen


On Fri, Sep 29, 2017 at 11:55 PM, Michael Liebe <Michael.Liebe at ist.com>
wrote:

> Hi,
>
> We have a similar setup and achieve cross-realm authentication through an
> extra IdP instance (which is actually a requirement for us because the IdPs
> are owned by the customers). This adds of course an administrative overhead.
>
> Realm selection is in our case done by setting a specific header on the
> reverse proxy. The realm name is hereby derived from the request URL.
> Accordingly, we implemented a custom KeycloakConfigResolver that reads the
> realm name from the header.
>
> I hope this helps,
> Michael
>
>
>
>
> On 2017-09-27, 14:14, "keycloak-user-bounces at lists.jboss.org on behalf of
> Matthias ANGLADE" <keycloak-user-bounces at lists.jboss.org on behalf of
> manglade at nextoo.fr> wrote:
>
>     Hi,
>
>     I'm currently working on a project with specific requirements. Actually
>     what we are trying to do is to set up a Keycloak in order to protect
>     several applications. Each of these applications will potentially have
>     their own set of webapps and micro-services. What we intended to do is to
>     declare a realm per app (and each component of the app would be a client
>     within its own realm).
>
>     We need to set up some cross-realm features such as realm selection,
>     multi-realm authentication (i.e. not being forced to re-login when
>     switching from one realm to another).
>
>     I'm looking for advice or feedback in implementing such a case. Would you
>     have any?
>
>     Yours,
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
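
The header-based realm selection described in the quoted reply, as an added example (not code from the thread or from the Keycloak project). The header name, realm names and per-realm config file names are assumptions; the signature is the `HttpFacade.Request` one used by adapters of this thread's era, while newer adapter versions pass an `OIDCHttpFacade.Request` instead.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;

/** Added illustration: picks the realm from a header set by the reverse proxy. */
public class HeaderRealmConfigResolver implements KeycloakConfigResolver {

    // Assumption: header name chosen for this example. The proxy must overwrite
    // any client-supplied copy, and the app must be reachable only via the proxy.
    private static final String REALM_HEADER = "X-Realm-Name";

    // Assumption: the realms this application serves; anything else is rejected.
    private static final Set<String> ALLOWED_REALMS =
            new HashSet<>(Arrays.asList("customer-a", "customer-b"));

    // One parsed adapter configuration per realm, built on first use.
    private final ConcurrentMap<String, KeycloakDeployment> cache = new ConcurrentHashMap<>();

    @Override
    public KeycloakDeployment resolve(HttpFacade.Request request) {
        String realm = request.getHeader(REALM_HEADER);
        // Fail closed: no default realm, and no resource path is ever built
        // from a header value that is not on the allow-list.
        if (realm == null || !ALLOWED_REALMS.contains(realm)) {
            throw new IllegalStateException("No Keycloak configuration for requested realm");
        }
        return cache.computeIfAbsent(realm, HeaderRealmConfigResolver::load);
    }

    private static KeycloakDeployment load(String realm) {
        // Assumption: one adapter config per realm on the classpath.
        String resource = "/" + realm + "-keycloak.json";
        try (InputStream is = HeaderRealmConfigResolver.class.getResourceAsStream(resource)) {
            if (is == null) {
                throw new IllegalStateException("Missing adapter config " + resource);
            }
            return KeycloakDeploymentBuilder.build(is);
        } catch (IOException e) {
            throw new IllegalStateException("Cannot read adapter config " + resource, e);
        }
    }
}
```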

