Keycloak SSO Issue - Spring Boot Adapter and REST API

I have configured multiple domains within the application. I have also configured CORS. The goal is to make SSO work seamlessly. There is one realm and multiple clients. Application1 is configured through the Spring Boot adapter via REST API (confidential client) and doesn’t make use of Keycloak login themes. Application2 is configured through the JavaScript adapter as a public client.

We have customized login pages which log in through the REST API using the Spring Boot adapter, and that is working as expected, but SSO is not working as expected. My Application2 is configured through the JavaScript adapter and couldn’t perform SSO even though Application1 is already logged in (normal login via REST API).

If I use the social login to get into Application1, then SSO is working fine for Application2. We are having this issue in the case of a normal login through the REST API.

Scenario 1:

As explained above, we have configured 2 domains, www.abc.com and www.abc.co.uk, and want SSO to work. We have an Angular front end with Java Spring Boot as the back end. We have configured Spring Boot with Keycloak via REST API and use our own login pages without using Keycloak themes. Users are able to log in to both domains individually, but NO SSO is working.

I have implemented CORS, but still no SSO is working.

Scenario 2:

I have created another client, made it public and used the JavaScript adapter to integrate with Keycloak. We have 2 types of login – normal login and social login.

SSO is working for social login by making use of check-sso, but it’s not working for normal login, which is configured through the REST API via the Spring Boot adapter.

Please suggest how to make SSO work for multiple domains without compromising security.

Thanks
Santosh


The problem is that you are using custom login pages, which do not support SSO. I highly recommend using the built-in login pages and styling/theming those. Otherwise, you will have to build SSO support into your custom login pages.


Expanding on @stianst’s comment, the premise is simple. You need to allow Keycloak to set the SSO cookie for the end user on the user agent. If you are providing your own login page, you need to manage the creation of such a cookie and provide logic to support it.

Best bet is to work with themes. It’s simple and straightforward, and a lot of best practices are already covered for you out of the box!