DEV Community

Join realms with user federation

Haris Secic
software developer doing some architecture

Does anyone have experience with how to set up a realm in Keycloak that will copy users from other realms? Basically, I need a realm that will allow access for all users of other realms, and by default I have LDAP and Kerberos, which I have no idea how to integrate. The identity provider option is not possible in my case, so user federation would be really good if some easy solution is possible.

Discussion (2)

Roshak Zarhoun

Hi Haris,
have you found any solution to this? I'm dealing with the exact same setup and would like to hear how you eventually solved this.

Haris Secic Author

Sadly no. You would have to write your own plugin. So far in the prototype we use 1 realm which has all users, and they are divided into groups. Separate realms will be made for each client to prevent access from the main one in other external apps. However, we are also considering building a proxy middleware which will inspect the token, look up our databases for privileges or decide based on access token claims, and either forward the request or throw 401, 403 or 404 depending on security level. However, the middleware requires that the external apps can only be accessed through the VPN which the proxy would be in, while also exposing 1 endpoint to the rest of the world. So the only way into the external apps would be the proxy connected to Keycloak, filtering the network with additional rules.
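
The proxy decision described in the reply above, as an added example that is not part of the original thread and not Keycloak code. It assumes the token signature was verified before `decide()` is called, that a Keycloak Group Membership mapper puts full group paths in a `groups` claim, and that "depending on security level" means hidden routes answer 404 instead of 403; the issuer, routes and group names are constructed.

```python
import time

# Constructed values for illustration; none come from the original thread.
EXPECTED_ISS = "https://sso.example.test/realms/main"
# path prefix -> (required group path, hide from unauthorised callers?)
ROUTES = {
    "/reports": ("/clients/acme", False),
    "/admin": ("/staff/ops", True),
}

def match_route(path):
    """Match on whole path segments so /administrator never matches /admin."""
    for prefix, rule in ROUTES.items():
        if path == prefix or path.startswith(prefix + "/"):
            return rule
    return None

def decide(path, claims, now=None):
    """Return the status the proxy answers with; 200 means forward upstream.

    `claims` is the payload of a token whose signature was already verified
    against the realm keys, or None when the token was missing or invalid.
    """
    now = time.time() if now is None else now
    # 401 first, for every path, so anonymous callers cannot map the backend.
    if not isinstance(claims, dict) or claims.get("iss") != EXPECTED_ISS:
        return 401
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401
    rule = match_route(path)
    if rule is None:
        return 404  # default deny: unknown paths are never forwarded
    required_group, hidden = rule
    groups = claims.get("groups")
    if not isinstance(groups, list):
        groups = []  # missing or malformed claim grants nothing
    if required_group in groups:
        return 200
    return 404 if hidden else 403
```

The path passed to `decide()` should already be normalised by the proxy, since prefix matching on a raw path with `..` segments would check one route and forward another.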