We have two applications: 1) APP1 2) APP2

We want to serve our application (APP1) as IDP and (APP2) as client. Apparently we want to preserve SSO (Single Sign On/Off) between both the applications.

In other words, we want to use Keycloak only for session maintenance. We have our own federation and authentication service which supports the OpenID protocol.

Is it possible to achieve the same?

Krunal Shah
  • If you have your own IDP, then why will you need Keycloak? What kind of session maintenance? – Jan Garaj Sep 08 '18 at 22:49
  • Thanks @JanGaraj for the quick response. We need that to maintain single sign on/off. Real-time scenario: What if my IDP's (APP1) session gets expired and the user is currently working on the client (APP2)? Ideally the user should not get logged out, because he's actively working on APP2. If the user gets logged out on APP1/APP2, then and only then should the session get invalidated for both the apps. – Krunal Shah Sep 10 '18 at 12:08
  • I'm still lost because your real setup (used flows, apps domain) is unknown. Generally, use one domain for both apps and a domain cookie for storing the access/id token for both apps. – Jan Garaj Sep 10 '18 at 20:18
  • We are using "code flow" and are not sure regarding your domain remark. Since both the apps are different, the domain will be different. And regarding the cookie remark, Keycloak will help us to maintain JSESSIONID for single sign on/off. The rest of the parameters, like the access/id token, we're maintaining for both the apps; especially the IDP (APP1). – Krunal Shah Sep 12 '18 at 05:26

0 Answers