How do I work with SSO on Keycloak and Spring Security?


Paulo Bueno

May 3, 2024, 1:38:49 AM
to Keycloak User
Recently, we conducted a Proof of Concept (POC) to assess the feasibility of implementing a centralized authentication model in our company. The main idea was to employ a single 'REALM' to authenticate various applications, adopting a dedicated client approach for each of them, and using Spring Security as the security framework. In case of need, each user would be associated with a specific client, providing efficient centralization for the entire business ecosystem.
However, we encountered an additional challenge: we already had a 'REALM' operating under the federation concept, connecting to the user base of our legacy system. It was then that the second objective of our POC arose: to explore the concept of 'multi tenancy', integrating Keycloak with Spring Security. During our internet research, we came across a repository that had apparently addressed this challenge before, offering a potential solution (https://github.com/czetsuya/spring-keycloak-multi-tenant). However, upon further examination, we identified that the version of Keycloak used was quite outdated.
Thus, the question arises: how can we implement this Single Sign-On (SSO) across multiple 'REALMs' using Java applications in a way that is effective and compatible with the latest versions of Keycloak?

Walter Goulet

May 6, 2024, 2:08:37 AM
to Keycloak User
Hi Paulo,

Is your goal to have users in one realm have the ability to authenticate to applications whose clients are in another realm? If so, you can configure the realm hosting your applications with an identity provider that is linked to a client in the users realm. This is standard functionality provided by Keycloak.

Walter
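
The brokering setup described in the reply above, as an added example that is not part of the thread or of Keycloak's own code: it builds the identity provider entry for the application realm and the matching client for the users realm, then checks that the two are linked consistently. The host, realm names, alias and client id are assumptions, and the checks are hardening choices made for this example.

```python
# Added example: host, realm names, alias and client id are constructed assumptions.
BASE = "https://sso.example.com"   # hypothetical Keycloak base URL
USERS_REALM = "users"              # realm holding the federated users
APPS_REALM = "apps"                # realm holding the application clients
ALIAS = "users-realm"              # identity provider alias inside APPS_REALM

def oidc(realm, endpoint):
    return f"{BASE}/realms/{realm}/protocol/openid-connect/{endpoint}"

def broker_redirect(base, realm, alias):
    return f"{base}/realms/{realm}/broker/{alias}/endpoint"

# Identity provider representation created in APPS_REALM
idp = {
    "alias": ALIAS, "providerId": "keycloak-oidc", "enabled": True,
    "config": {
        "clientId": "apps-realm-broker",
        "authorizationUrl": oidc(USERS_REALM, "auth"),
        "tokenUrl": oidc(USERS_REALM, "token"),
        "jwksUrl": oidc(USERS_REALM, "certs"),
        "validateSignature": "true", "useJwksUrl": "true",
    },
}
# Client representation created in USERS_REALM, used only by the broker
client = {
    "clientId": "apps-realm-broker", "protocol": "openid-connect",
    "publicClient": False, "standardFlowEnabled": True,
    "redirectUris": [broker_redirect(BASE, APPS_REALM, ALIAS)],
}

def check_link(idp, client, base, users_realm, apps_realm):
    # Returns a list of problems; an empty list means the link is consistent.
    problems = []
    cfg = idp["config"]
    if cfg["clientId"] != client["clientId"]:
        problems.append("clientId mismatch")
    if client.get("publicClient", True):
        problems.append("broker client should be confidential")
    expected = broker_redirect(base, apps_realm, idp["alias"])
    if client["redirectUris"] != [expected]:
        problems.append("redirectUris must be exactly the broker endpoint")
    prefix = f"{base}/realms/{users_realm}/"
    for key in ("authorizationUrl", "tokenUrl", "jwksUrl"):
        if not cfg.get(key, "").startswith(prefix):
            problems.append(f"{key} does not point at the users realm")
    if cfg.get("validateSignature") != "true":
        problems.append("signature validation disabled")
    return problems
```

Applications in the application realm keep their own dedicated clients; only the broker client lives in the users realm.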
