SSO and users question

Hi all;
I have a single realm for multiple clients (as I need sso between the different clients)
I want to know if I understand currectly:
is keycloak architecture promotes a uniqness of usernames in the realm level?
for example, if I have a users called ‘foo’ in client1 then you cannot add another user with same name via client2 because they share the same realm?

hopefully I explained well…

Users are always contained in the realm, not in a client.

You can’t have a user “in client A” or “in client B”. A user always authenticates at realm level and basically it is possible to issue a token for every client configured in the same realm. Otherwise SSO wouldn’t be possible. If a user actually has access to a client, this has to be defined at the client directly, e.g. the user must have a concrete role to enter/access the client.

1 Like