 

Keycloak Realm VS Keycloak Client

I have recently been working on Keycloak 6.0.1 for SSO authentication for multiple applications in an organisation. I am confused about the difference between clients and realms.

If I have 5 different applications to be managed for SSO, do I have to create 5 different clients or 5 different realms?

If I have to create 5 different clients under 1 realm, could I execute a different authentication flow for each client in the same realm?

Rohan Kadu asked Jun 12 '19 11:06


2 Answers

According to the Keycloak documentation:

  1. Realm - A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.

  2. Clients are entities that can request Keycloak to authenticate a user. Most often, clients are applications and services that want to use Keycloak to secure themselves and provide a single sign-on solution. Clients can also be entities that just want to request identity information or an access token so that they can securely invoke other services on the network that are secured by Keycloak.

For your scenario, you can create 5 different clients under one realm. Keycloak provides out-of-the-box support for Single Sign-On. For more information, refer to the Keycloak documentation.

Santhoopa Jayawardhana answered Sep 17 '22 01:09
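The layout this answer recommends, as an added example that is not part of the original answer or of Keycloak's own code: one realm holding the users once, five clients registered under it, and every application sending its login to the same realm endpoint with only `client_id` and `redirect_uri` differing. The host, realm name, application names and user are constructed placeholders; the `/auth` prefix is the default context path of Keycloak 6.0.1.

```python
import json
import secrets
from urllib.parse import urlencode

BASE = "https://sso.example.org"  # assumed Keycloak host (placeholder)


def build_realm(realm, apps, users):
    """One realm: users are defined once, each application is its own client."""
    return {
        "realm": realm,
        "enabled": True,
        "users": [{"username": u, "enabled": True} for u in users],
        "clients": [
            {
                "clientId": app,
                "protocol": "openid-connect",
                "publicClient": False,
                # One exact redirect URI per application (constructed hosts).
                "redirectUris": [f"https://{app}.example.org/callback"],
            }
            for app in apps
        ],
    }


def login_url(realm_doc, client_id, state=None):
    """Authorization-code login URL for one client of the realm."""
    client = next(c for c in realm_doc["clients"] if c["clientId"] == client_id)
    query = urlencode({
        "client_id": client["clientId"],
        "redirect_uri": client["redirectUris"][0],
        "response_type": "code",
        "scope": "openid",
        # Fresh random state per login request unless the caller supplies one.
        "state": state or secrets.token_urlsafe(16),
    })
    return (f"{BASE}/auth/realms/{realm_doc['realm']}"
            f"/protocol/openid-connect/auth?{query}")


APPS = ["hr", "crm", "wiki", "billing", "helpdesk"]  # constructed app names
REALM = build_realm("organisation", APPS, ["alice"])

if __name__ == "__main__":
    print(json.dumps(REALM, indent=2))  # shape of a realm import document
    for app in APPS:
        print(login_url(REALM, app))
```

Because all five URLs point at the same realm, a user who has logged in through one client already has a realm session when the next client redirects them there.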


The core concept in Keycloak is a Realm. A realm secures and manages security metadata for a set of users, applications, and registered OAuth clients. Users can be created within a specific realm within the Administration console. Roles (permission types) can be defined at the realm level and you can also set up user role mappings to assign these permissions to specific users.

http://www.mastertheboss.com/jboss-frameworks/keycloak/introduction-to-keycloak

Generally speaking, a client represents a resource which some users can access. Keycloak's built-in clients are for Keycloak internal use.

An example of an application could be any mobile application. A client can be a simple REST API.

lowmath answered Sep 18 '22 01:09