[keycloak-user] Trust between two standalone Keycloak Instances

Aditya Bhole Aditya.Bhole at veritas.com
Mon Jul 15 13:23:06 EDT 2019


Hello,

I’m new to Keycloak and building a prototype SSO framework for my company. The use case is that my company has 3 clients: A, B and C. Now each client is going to have its own Keycloak instance: KA, KB and KC. Now what I want is that when I log in through client A, I should be logged into clients B and C as well. And the same goes for all the clients. So for this to happen, is there a way of establishing trust between these three Keycloak instances KA, KB and KC?
I’ve successfully established an SSO by using KA as a broker and KB as an IDP. But this is only a master-slave kind of architecture. When I log in to A, I’m automatically logged into B. But if I log into B, I won’t be automatically logged into A. Is it possible for KA to be a broker for KB and KB to be a broker for KA at the same time?
TL;DR:
Is there a way where Keycloak only acts as a broker and trust is established between multiple such Keycloak instances?

I hope my question makes sense. Please point me in the right direction if I’m looking at this in the wrong way.

Thanks,
Aditya


