Evaluation of Possibilities

Hi all,

we are planning to implement Keycloak in our company.

  • the main goal is to have one login for all (four) web applications.
  • one app works with session/cookie, one has only a SAML adapter and the rest work with JWT
  • two apps are available from the public internet
  • users have different roles across the apps, i.e. UserA has no admin role in App1 but an admin role in App2
  • users may have access to App1 but not to App2
  • all apps can be refactored

Before I try everything out in test systems, I would like to kindly ask you some questions:
Q1: If I switch from App1 (JWT) to App2 (JWT), I assume that I don't have to log in again in App2, right?

Q2: If I switch from App1 (JWT) to App3 (session/cookie), do I need to log in again here? Or will the session cookie somehow be generated in App1 and then used by App3?

Q3: Can the role management of the users be administered via the apps themselves? On some apps the role configuration could be really difficult.

Q4: Is it possible that some users have access to App1 but not to App3 and vice versa?
Is there a general view on what is not allowed? Or does this have to be implemented app by app?
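As an added example (not part of the original post and not Keycloak's own code), the following illustrates the per-app role and access checks behind Q3 and Q4 from the side of a JWT-protected app. Keycloak access tokens carry realm-wide roles under `realm_access` and per-client roles under `resource_access`, keyed by client ID; the example assumes each app is a Keycloak client named `app1`, `app2`, `app3` and that the token's `aud` lists the clients it was issued for. The claims, the HS256 signing secret and the fixed clock are constructed for the demo; real Keycloak tokens are RS256-signed with the realm key and would be verified against its public key instead.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret. Real Keycloak access tokens are RS256-signed with the
# realm's key pair; the HMAC here only keeps the example self-contained.
DEMO_SECRET = b"demo-secret-not-for-production"
DEMO_NOW = 1_700_000_000  # fixed "current time" so the example is reproducible

# Constructed claims shaped like a Keycloak access token: realm-wide roles live in
# realm_access, per-client roles in resource_access keyed by client ID.
SAMPLE_CLAIMS = {
    "iss": "https://sso.example.test/realms/company",  # hypothetical issuer
    "sub": "3f1c0b8e-user-a",
    "preferred_username": "usera",
    "aud": ["app1", "app2"],
    "exp": DEMO_NOW + 300,
    "realm_access": {"roles": ["employee"]},
    "resource_access": {
        "app1": {"roles": ["viewer"]},
        "app2": {"roles": ["admin"]},
    },
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Build a compact HS256 JWS for the demo; stands in for Keycloak as the issuer."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(segments).encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return ".".join(segments + [b64url_encode(sig)])


def verify_token(token: str, secret: bytes = DEMO_SECRET, now=None) -> dict:
    """Check structure, algorithm, signature and expiry; return the claims or raise."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the expected algorithm: never let the token choose (alg=none, key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def client_roles(claims: dict, client_id: str) -> set:
    """Roles the IdP assigned to this user for one client (resource_access)."""
    return set(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))


def authorize(token: str, client_id: str, required_role=None, now=None):
    """Decide whether this token may use client_id, optionally with a specific role.

    Returns (allowed, reason). Access to an app is gated on the token being issued
    for that app (aud) and on the user holding at least one role for it, so a user
    who only has roles in app1 is refused by app3 even though SSO gave them a valid
    token. App-specific roles (admin in app2 but not app1) come from the same claim.
    """
    try:
        claims = verify_token(token, now=now)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    if client_id not in aud:
        return False, f"token not issued for {client_id}"
    roles = client_roles(claims, client_id)
    if not roles:
        return False, f"user has no roles in {client_id}"
    if required_role is not None and required_role not in roles:
        return False, f"missing role {required_role!r} in {client_id}"
    return True, f"ok: {sorted(roles)}"


if __name__ == "__main__":
    token = sign_token(SAMPLE_CLAIMS)
    for client, role in [("app1", "admin"), ("app1", "viewer"), ("app2", "admin"), ("app3", None)]:
        print(client, role, authorize(token, client, role, now=DEMO_NOW))
```

The point for Q4 is that a single sign-on session does not by itself grant access to every app: each app still has to check that the token was issued for it and that the user holds a role in it, so "no roles in this client" is the per-app deny rule, while the role assignments themselves stay centralized in the IdP.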