We are planning to implement Keycloak in our company.
- The main goal is to have one login for all (four) web applications.
- One app works with session/cookie, one has only a SAML adapter, and the rest are with JWT.
- Two apps are available from the public internet.
- Users have different roles across the apps, i.e. UserA has no AdminRole in App1 and AdminRole in App2.
- Users may have access to App1 but not to App2.
- All apps can be refactored.
Before I give everything a try in test systems, I would like to kindly ask you some questions:
Q1: If I switch from App1 (JWT) to App2 (JWT), I assume that I don't have to log in again in App2, right?
Q2: If I switch from App1 (JWT) to App3 (session/cookie), do I need to log in again here? Or will the session cookie somehow be generated in App1 and then used by App3?
Q3: Can the role management of the users be administered via the apps themselves? On some apps the role configuration could be really difficult.
Q4: Is it possible that some users have access to App1 but not to App3 and vice versa?
Is there a general view on "not allowed"? Or does this have to be implemented app by app?
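The per-app role and access questions above (different roles per app, access to App1 but not App3) map onto two claims that Keycloak puts in its access tokens: `resource_access.<client>.roles` (client roles) and `aud` (the clients the token is intended for, when an audience mapper is configured). The block below is an added example, not code from the post or from Keycloak: it verifies a constructed token and then decides, per app, whether the user may use it and with which roles. The client IDs `app1`..`app3`, the `SECRET`, the `ISSUER` URL and the sample claims are constructed for the demo, and HS256 is used only so the example runs on the standard library; Keycloak signs with RS256 by default and publishes its keys at the realm's JWKS endpoint, so a real JWT app verifies against those instead.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 JWT for the demo (Keycloak itself signs with RS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, secret: bytes, issuer: str, now=None) -> dict:
    """Verify signature, issuer and expiry; return the claims or raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm; never let the token's own header choose it ("none" etc.).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("token expired")
    return claims


def app_decision(claims: dict, client_id: str):
    """Per-app decision from a Keycloak-style token: the app (client) must be in the
    audience and the user must hold at least one client role for it.
    Returns (allowed, sorted role list)."""
    aud = claims.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    roles = claims.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return (client_id in aud and bool(roles)), sorted(roles)


# Constructed sample: UserA holds "user" in app1 and "admin" in app2, nothing in app3.
SECRET = b"demo-shared-secret"                          # constructed, not a Keycloak value
ISSUER = "https://keycloak.example.test/realms/demo"    # placeholder realm URL
SAMPLE_CLAIMS = {
    "iss": ISSUER,
    "sub": "user-a",
    "preferred_username": "UserA",
    "aud": ["app1", "app2"],
    "exp": 2_000_000_000,                               # far-future expiry for the demo
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {
        "app1": {"roles": ["user"]},
        "app2": {"roles": ["admin"]},
    },
}
SAMPLE_TOKEN = make_token(SAMPLE_CLAIMS, SECRET)


def decide_all(token: str = SAMPLE_TOKEN, now: float = 1_700_000_000) -> dict:
    """Verify once, then answer 'may this user use app X, and as what?' for each app."""
    claims = verify_token(token, SECRET, ISSUER, now=now)
    return {app: app_decision(claims, app) for app in ("app1", "app2", "app3")}


if __name__ == "__main__":
    for app, (allowed, roles) in decide_all().items():
        print(f"{app}: allowed={allowed} roles={roles}")
```

Each app makes the access decision itself from the token, but the decision is driven by roles administered centrally in Keycloak (client roles per client), so the "not allowed" view lives in the realm's role mappings rather than in four separate user tables.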