[keycloak-user] Multi realms approach
Stephen Henrie
stephen at saasindustries.com
Sat Sep 30 13:34:21 EDT 2017
I am curious....how does this address the issue of requiring users to
re-login again to switch realms?
I ask, as this is a very common need and since the access token is specific
to a keycloak realm, I don't see how this would address that situation
without Keycloak supporting "trusted realms".
Thanks
Stephen
On Fri, Sep 29, 2017 at 11:55 PM, Michael Liebe <Michael.Liebe at ist.com>
wrote:
> Hi,
>
> We have a similar setup and achieve cross-realm authentication through an
> extra IdP instance (which is actually a requirement for us because the IdPs
> are owned by the customers). This adds of course an administrative overhead.
>
> Realm selection is in our case done by setting a specific header on the
> reverse proxy. The realm name is hereby derived from the request url.
> Accordingly, we implemented a custom KeycloakConfigResolver that reads the
> realm name from the header.
>
> I hope this helps,
> Michael
>
>
>
>
> On 2017-09-27, 14:14, "keycloak-user-bounces at lists.jboss.org on behalf of
> Matthias ANGLADE" <keycloak-user-bounces at lists.jboss.org on behalf of
> manglade at nextoo.fr> wrote:
>
> Hi,
>
> I'm currently working on a project with specific requirements. Actually
> what we are trying to do is to setup a Keycloak in order to protect
> several
> applications. Each of these applications will potentially have their
> own
> set of webapps and micro-services. What we intended to do is to
> declare a
> realm per app (and each component of the app would be a client within
> it's
> own realm).
>
> We need to setup some cross-realm features such as realm selection,
> multi-realm authentication (i.e not being forced to re-login when
> switchin
> from one realm to another).
>
> I'm looking for advices or feedbacks in implementing such a case.
> Would you
> have any ?
>
> Yours,
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list