[keycloak-user] SSO experience

Dmitry Telegin dt at acutus.pro
Wed Nov 14 13:34:23 EST 2018


Hello Ori,

How do you implement SSO for your desktop application? Are you using kcinit [1] or KeycloakInstalled [2]?

Both will do interactive login via the system browser; that means SSO cookies should be shared with whatever web application is run therein.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

[1] https://github.com/keycloak/kcinit
[2] https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter

On Wed, 2018-11-14 at 10:36 +0000, Ori Doolman wrote:
> Hi,
> I have 2 applications: one is desktop (Windows) and the other one is a web application.
> My desktop application performs authentication and login using Keycloak, and gets a JWT access token.
> My web application is using the Keycloak JS adapter to perform the same.
> 
> After I log in to my desktop application, is there a way to pass the generated access token to the web application and continue the same session? Or at least have an SSO experience and get another token for the user without the user entering the credentials again?
> 
> Maybe I can pass the token and refresh token from the desktop application as init parameters to Keycloak-JS?
> I see the following code is checking if initOptions contains the token:
> 
> 
>             function processInit() {
>                 var callback = parseCallback(window.location.href);
> 
>                 if (callback) {
>                     window.history.replaceState({}, null, callback.newUrl);
>                 }
> 
>                 if (callback && callback.valid) {
>                     return setupCheckLoginIframe().success(function() {
>                         processCallback(callback, initPromise);
>                     }).error(function (e) {
>                         initPromise.setError();
>                     });
>                 } else if (initOptions) {
>                     if (initOptions.token && initOptions.refreshToken) {
>                         setToken(initOptions.token, initOptions.refreshToken, initOptions.idToken);
> 
> Thanks,
> 
> Ori Doolman
> Lead Software Architect
> Amdocs Optima
> 
> 
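Added example (not from the thread and not keycloak.js code): one way a web application could decide between adopting handed-over tokens through the `token`/`refreshToken` init options quoted above and falling back to `onLoad: 'check-sso'`, which relies on the browser SSO session described in the reply. The hand-over object, the client IDs, the issuer URL and all function names are assumptions; the sample token is constructed, and only claims are checked, not the signature.

```javascript
// Added example, not keycloak.js code. Only claims are checked; the signature
// is NOT verified here. Runs under Node (Buffer); in a browser use atob instead.

// Decode the payload (second segment) of a compact JWT.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Decide what the web application passes to keycloak.init().
// handoff:  { token, refreshToken } received from the desktop app (hypothetical hand-over)
// expected: { issuer, clientId } of the web application's own Keycloak client
function chooseInitOptions(handoff, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  const fallback = { onLoad: 'check-sso' }; // reuse the browser's SSO session, no token hand-over
  if (!handoff || !handoff.token || !handoff.refreshToken) return fallback;
  let claims;
  try {
    claims = decodeJwtPayload(handoff.token);
  } catch (e) {
    return fallback; // malformed token: never hand it to the adapter
  }
  const usable = !!claims &&
    claims.iss === expected.issuer &&      // issued by the expected realm
    claims.azp === expected.clientId &&    // issued to this client, not the desktop one
    typeof claims.exp === 'number' && claims.exp > nowSeconds; // not expired
  return usable
    ? { token: handoff.token, refreshToken: handoff.refreshToken }
    : fallback;
}

// Build a constructed sample token with a fake signature, for the demonstration only.
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Demonstration: a token issued to the desktop client is rejected for the web client.
const demoIssuer = 'https://sso.example.com/auth/realms/demo'; // constructed
const demoToken = makeSampleJwt({ iss: demoIssuer, azp: 'desktop-app', exp: 4102444800 });
console.log(chooseInitOptions({ token: demoToken, refreshToken: 'constructed' },
  { issuer: demoIssuer, clientId: 'web-app' }));
// In the web application: keycloak.init(chooseInitOptions(handoff, expected))
```

The `check-sso` fallback only finds a session when the desktop login went through the same system browser, which is the case for both tools named in the reply.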

