3

I am trying to set up 2 Keycloak realms: Realm1 and Realm2. I want to use realm one to register my client and would like to use realm2 as a user pool.

Is it possible? If so, are there any tutorials available for this?

dreamcrash
George Jose

2 Answers

3

I am trying to set up 2 Keycloak realms: Realm1 and Realm2. I want to use realm one to register my client and would like to use realm2 as a user pool.

Without knowing further context, your design does not make much sense. From the Keycloak Documentation one can read:

realms
A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.

So I would say that you can just have a single realm with all the users and clients on it. This not only simplifies your setup but would also be conceptually more sound than your original approach, i.e., you would keep the users and clients within the same realm. Moreover, realms DO NOT share users among them, so to be able to use the users from Realm 2 in the context of Realm 1 you would have to set up Identity Brokering between the two realms, i.e., making Realm 2 an Identity Provider of Realm 1. Have a look at this SO thread for a better understanding.

A context where your original approach would make sense would be, for example, to offer the user the option of explicitly choosing which DB that user would want to authenticate against. In this context each realm would encapsulate a certain set of external DBs (e.g., LDAPS).

dreamcrash
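The brokering setup described in the answer above, sketched as an added example (it is not part of the original answer and not Keycloak's own code): it builds the two Admin REST API requests that register a confidential broker client in Realm2 and an OIDC identity provider in Realm1. The host name, alias, client id and secret are constructed placeholders, and the base URL is assumed to have no /auth prefix (legacy installs need it appended).

```python
import json
from urllib.parse import urlsplit

def brokering_plan(base_url, client_realm, user_realm, alias, broker_client_id, secret):
    """Return the two Admin REST calls that make user_realm an IdP of client_realm."""
    base = base_url.rstrip("/")
    if urlsplit(base).scheme != "https":
        raise ValueError("tokens and the client secret must travel over HTTPS")
    if client_realm == user_realm:
        raise ValueError("brokering needs two distinct realms")
    oidc = f"{base}/realms/{user_realm}/protocol/openid-connect"
    # Realm1 receives the authorization code on its broker endpoint.
    callback = f"{base}/realms/{client_realm}/broker/{alias}/endpoint"
    broker_client = {  # registered in the user-pool realm (Realm2)
        "clientId": broker_client_id,
        "protocol": "openid-connect",
        "publicClient": False,          # confidential: authenticates with the secret
        "secret": secret,
        "standardFlowEnabled": True,    # authorization code flow only
        "implicitFlowEnabled": False,
        "directAccessGrantsEnabled": False,
        "redirectUris": [callback],     # exact match, no wildcard
    }
    identity_provider = {  # registered in the realm that holds the applications (Realm1)
        "alias": alias,
        "providerId": "keycloak-oidc",
        "enabled": True,
        "config": {
            "issuer": f"{base}/realms/{user_realm}",
            "authorizationUrl": f"{oidc}/auth",
            "tokenUrl": f"{oidc}/token",
            "userInfoUrl": f"{oidc}/userinfo",
            "jwksUrl": f"{oidc}/certs",
            "validateSignature": "true",   # verify Realm2's token signatures
            "useJwksUrl": "true",
            "clientId": broker_client_id,
            "clientSecret": secret,
            "clientAuthMethod": "client_secret_post",
            "defaultScope": "openid profile email",
        },
    }
    return [
        ("POST", f"{base}/admin/realms/{user_realm}/clients", broker_client),
        ("POST", f"{base}/admin/realms/{client_realm}/identity-provider/instances", identity_provider),
    ]

if __name__ == "__main__":
    # Constructed values: host, alias, client id and secret are placeholders.
    for method, url, body in brokering_plan("https://sso.example.test", "Realm1", "Realm2",
                                            "realm2-users", "realm1-broker", "CHANGE-ME"):
        print(method, url, json.dumps(body, indent=2), sep="\n")
```

Each request body can be sent with an admin access token, or saved to a file and passed to kcadm.sh. Applications registered in Realm1 then offer the "realm2-users" provider on the login page.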
0

You can use the token exchange feature to exchange a token of realm1 for a token that can be used with realm2.

Check Keycloak docs:

https://www.keycloak.org/docs/latest/securing_apps/#external-token-to-internal-token-exchange

Hatem