I’m discovering Keycloak and I have some pretty basic questions (I tried to get answers by Googling, but it’s not clear to me).
- I’d like to have a URL for login on a specific realm. For example, https://sso.example.org/auth/realms/myrealm/account → this URL shows me the default “Welcome to Keycloak Account Management” page, with a sign-in button on the top right. I’d prefer to get the login form directly. Is that possible? Or is it up to my 3rd-party app to send users to that login form directly? I’m pretty much a noob at identity management, but I imagined it was a login page you go to once, and then you can access all your SSO-enabled services without logging in again.
- What do you expose externally if you want your SSO to be publicly available? Is it possible to avoid having your master realm visible at all at some point? I’m not sure about the potential security risk of exposing that. In my context, the SSO will be for our customers (with a dedicated realm), so it must be accessible from everywhere. Right now, it’s at least behind nginx for HTTPS.