Keycloak SSO Issue - Spring Boot Adapter and REST API

I have configured multiple domains within the application. I have also configured for CORS. The goal is to make SSO work seamlessly. There are one realm and multiple clients. Application1 is configured through the Springboot adapter via REST API (Confidential Client) and didn’t make use of KEYCLOAK login themes. Application 2 is configured through JavaScript adapter public client.

We have customized login pages which we are logging through REST API using Spring boot adapter and its working as expected but SSO is not working as expected. My Application2 is configured through the Javascript adapter and couldn’t perform SSO even though application1 is logged (Normal login via Restap API) in already.

If I use the social login to get into application 1 then SSO is working fine for application 2. We are having this issue in case of a normal login through rest API.


As explained above, we have configured 2 domains and and want SSO to work. We have angular front end with java boot as the back end. We have configured Java boot with Keycloak via rest API and using our own login pages without using Keycloak themes. User could able to login to both domains individually but NO SSO is working.

I have implemented CORS but still, No SSO is working


I have created another client and made it public and used a javascript adapter to integrate with keycloak. We have 2 types of logins – Normal login and social login.

SSO is working for social login by making use of Check-SSO but its not working for normal login which is configured through REST API via spring boot adapter.

Please suggest how to make SSO work for multiple domain without compromising the security.


1 Like

The problem is that you are using custom login pages, which do not support SSO. I highly recommend using the built-in login pages and styling/themeing those. Otherwise, you will have to build SSO support into your custom login pages.

1 Like


Expanding on @stianst 's comment, the premise is simple. You need to allow Keycloak to set the SSO cookie for the end-user on the user-agent. If you are providing your own login page, you need to manage creation of such cookie and provide logic to support it.

Best bet is to work with themes. It’s simple and straight-forward and a lot of best practices are already covered for you out of the box!