Hello
Perhaps someone has worked closely with the construction of isolated segments for authentication/authorization of users united by one IdP based on Keycloak.
Challenge:
Having a valid token of the SLAVE-2 realm by means of the REST API, obtain a user token from the SLAVE-1 realm, according to the scheme.
Fulfilled preconditions:
- realm MAIN is the identity provider for the SLAVE-1 and SLAVE-2 realms
- the user was originally in the MAIN realm
- the user appeared in the SLAVE-1 realm through identity provider MAIN
- the user appeared in the SLAVE-2 realm through identity provider MAIN
Here we see 2 possible ways:
- 1.1 and 1.2, i.e. through the MAIN
- 2 realm immediately into the SLAVE-1 realm, possibly passing some additional information
Possible directions for digging:
- setting up the Authentication and flow section
- it is possible to create your own flow