2

I am using the keycloak as the sso in my project i have 2 domains over there. here the use case in my project is if user is logged in to the one domain. i have to show the same user as logged in in another domain.

Issue: Here we have 2 domains. and we are running front-end as angular and back-end as java. here we are authenticating to the keycloak rest-api using spring boot. and here the sessions are stateless. and if i loggedin in one domain it is not showing as loggedin in another domain.

we are using the keycloak js with "check-sso" option in the front-end to detect weather the user is logged-in or not. and we are using the social login from keycloak identity broker. to make the user authenticate. and in this case keycloak-js library is detecting user is logged-in. in the second case the normal authentication flow. we are using the keycloak REST-API to authenticate user. in this case we are using the spring boot keyclaok adapter for the user to authenticate. in this flow keycloak js library is not identifying the user as authenticated. if he loggedin from spring boot keyclaok adapter.

can anyone help me out from the issue.

Thanks in advance.

Santosh Raju
  • 156
  • 2
  • 13

1 Answers1

3

After logging in Keycloak sets multiple cookies such as "KEYCLOAK_SESSION" and "KEYCLOAK_IDENTITY" under e.g. "auth.example.com". Each application that configured keycloak with the url "auth.example.com" and redirects to the login screen will be directly redirected back because the cookies are recognized by Keycloak. This is the Single Sign On feature you're referring to.

As you can imagine: A user that opens an application that uses e.g. "auth.example.co.uk" (notice the different domain) and gets redirected to the login screen will see the login mask as no cookies are set under that domain.

in short: sso only works when domain are unified.

arndts
  • 31
  • 3