SSo in different realms in keycloak

Question

I am trying the SSO between multiple realms in keycloak. I have two different realms and user1 is common to both the realms. user2 is specifc for realm one.

I am first authenticating the users against realm1 and realm2. For user1 there are no issue accesstoken is returned from both the realms. But in case of user2 also the accesstoken is returned from both the realms. but when I try with user2 in realm2 only the accesstoken is null.

Can anyone help me? Thanks in advance

You say you're able to login with user2 in realm2 even if user is not created in realm2? Which keycloak version do you use? Which authentication protocol? — Aritz, Apr 09 '18 at 13:00

score 3 · Accepted Answer · answered Aug 05 '18 at 12:27

3

Theoretically it's not possible to have cross-realm SSO functionality, as the realm in Keycloak as some specific purpose and while handling SSO through various realms can lead to security loop holes.

answered Aug 05 '18 at 12:27

Haseb Ansari

587
1
7
23

Is this documented somewhere? – Yngvar Kristiansen Feb 26 '20 at 09:52
I haven't seen any documentation of such but in my perspective it is more about Multi-Tenants functionality. And Keycloak solves this problem to some extent with realms concept. And the users are seperated based on realms. – Haseb Ansari Feb 27 '20 at 13:57

SSo in different realms in keycloak

1 Answers1