[keycloak-user] Authenticate against multiple realm management clients simultaneously

[moritz.becker at gmx.at]

Hi,

 

I use Keycloak to secure an application that has two types of users: vendors
and customers.

I created one 'customer-realm' and one 'vendor-realm'.

Each realm also has one client which the application authenticates against,
depending on whether the vendor login or the customer login is used.

 

I also have a backoffice application that is separate from my main
application. Backoffice users should be able to manage both vendors and
customers.

I planned to utilize the auto-created realm management clients in the master
realm called 'customer-realm-realm' and 'vendor-realm-realm' that would

allow me to assign permissions to users in the master realm to manage the
other realms as needed.

However, when a user logs in to the backoffice application, it can only
authenticate against one of the realm management clients and not both (as
far as I see). So the user

would only receive half of the required permissions.

 

What is the best approach here?

 

Thank you!