Get the token of another realm merged with the same identity provider

Hello

Perhaps someone has worked closely with the construction of isolated segments for authentication/authorization of users united by one IdP based on Keycloak.

Challenge:
Having a valid token of the SLAVE-2 realm, by means of the REST API obtain a user token from the SLAVE-1 realm, according to the scheme.

Fulfilled preconditions:

  • realm MAIN is the identity provider for the SLAVE-1 and SLAVE-2 realms
  • the user was originally in the MAIN realm
  • the user appeared in the SLAVE-1 realm through identity provider MAIN
  • the user appeared in the SLAVE-2 realm through identity provider MAIN

Here we see 2 possible ways:

  • 1.1 and 1.2, i.e. through the MAIN
  • 2 realm immediately into the SLAVE-1 realm, possibly passing some additional information

Possible directions for digging:

  • setting up the Authentication and flow section
  • it is possible to create your own flow