[keycloak-user] SSO in web and desktop application
Luis Rodríguez Fernández
uo67113 at gmail.com
Wed Apr 11 12:58:47 EDT 2018
Hello Emanuele,

Please forget about the servlet filter. At the beginning I thought that
the "client-server application developed in java" was not using any
keycloak adaptor; sorry for the confusion.

No, SAML does not provide a token that you can share between different
clients.

You could think about sharing the cookies between the browser and the
"client-server" app, but this is a horrible hack. I would warn you to avoid
this way :)

Personally, I would explore these two options:

a) Dedicated browser to automatically use the windows/kerberos credentials
of the logged user.
b) Let the dedicated browser redirect the user to the IdP login page. Yes,
users have to authenticate, but it will save you a lot of headache...

If you are using Chrome there are extensions that apparently let you share
sessions between devices
(https://chrome.google.com/webstore/detail/sessionbox-free-multi-log/megbklhjamjbcafknkgmokldgolkdfig).
You can give it a try, but honestly, I do not like that option very
much...

Cheers,
Luis

2018-04-06 18:38 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato at finantix.com>:
> Hi Luis,
>
> thanks for your feedback.
>
> Is there any way to use some access token in order to identify the current
> user?
>
> Let me recap.
> I have a web application and a "desktop" application they are both
> different but they share the same set of users and they are both in the
> same keycloak realm.
> When the user is logged in to the web application I would like to trigger
> some authentication mechanism in order to have the user automatically
> logged in when he opens the desktop application.
>
> I am using keycloak 3.4.3 with tomcat7 adapter. Both the web application
> and the server side application of the "desktop" one use tomcat7 as
> servlet container (but they are different instances). Of course keycloak
> server is the same for both.
>
> I am not sure how a servlet filter can help me solve this issue ... as I
> am using the standard tomcat7 keycloak adapter.
>
> Thanks for any help,
> Emanuele
>
> From: Luis Rodríguez Fernández <uo67113 at gmail.com>
> To: Emanuele Gesuato <Emanuele.Gesuato at finantix.com>
> Date: 06/04/2018 17:28
> Subject: Re: [keycloak-user] SSO in web and desktop application
>
> Hello Emanuele,
>
> OK, I see. So if I understand correctly you have "converted" your webapp
> into a desktop application using something like this
> https://applicationize.me/ in a dedicated browser with some restrictions.
>
> The problem here is that you are requesting the application from a
> completely different client; it would be the same if you opened an
> incognito window in your browser after logging in to siteA.
>
> I have done a quick test with one of our SAML applications and I am
> redirected to the login page of our SSO. After authentication the app
> works perfectly fine.
>
> Perhaps you could try to configure that dedicated browser to automatically
> use the windows/kerberos credentials of the logged user...
>
> Cheers,
>
> Luis
>
> ps: the servlet filter can work in any servlet container. I am
> successfully using it in tomcat 9 :)
>
> 2018-04-06 12:38 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato at finantix.com>:
> sorry for my email issue
> *****************
>
> Hi there,
>
> client-server app is a browser application where we are using the
> keycloak-saml tomcat7 adapter.
>
> Your link refers to a java servlet application that doesn’t have an
> adapter for that servlet platform.
>
> Am I missing something in your answer?
>
> thanks,
>
>
> Emanuele Gesuato
> Software specialist
>
> From: Subodh Joshi <subodhcjoshi82 at gmail.com>
> To: Emanuele Gesuato <Emanuele.Gesuato at finantix.com>
> Cc: keycloak-user <keycloak-user at lists.jboss.org>
> Date: 06/04/2018 12:11
> Subject: Re: [keycloak-user] SSO in web and desktop application
> Sent by: keycloak-user-bounces at lists.jboss.org
>
> Emanuele Gesuato, looks like some issue with your email client/server.
>
> On Fri, Apr 6, 2018 at 3:21 PM, Emanuele Gesuato <
> Emanuele.Gesuato at finantix.com> wrote:
>
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Subodh Chandra Joshi
> subodh1_joshi82 at yahoo.co.in
> http://www.trendsinnews.com
>
> --
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> - Samuel Beckett
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett