I have created 2 different Maven web applications and both of them have been hosted as different clients in the same realm. Both of them are hosted on my local machine on a JBoss EAP 6.4.7 server. If a user tries to log in to the first application, he perfectly logs in through Keycloak and Keycloak maintains a session for that user. Now if the same user hits the login page of the second application, he is automatically logged in to the second application as he already has an active session in Keycloak. Is there a mechanism to restrict the user from logging in to the second application even though he has an active session through application 1?
This is needed to secure the multi-tenant architecture of my application, where the application is accessible through multiple URLs for different customers and I do not want the user of customer1 to log in to customer2 if he is already logged in to customer1.