Hello.
I have Keycloak v. 26 setup for SSO with a single realm and private, SAML and OpenID clients. I have App1 that is using protected content from App2 (SAML) and App3 (OpenID) in iframes. App1 has its own user authentication system and it’s not using same SSO setup.
When I use SSO login directly on Keyclok server or with App2 or App3 everything works as expected and on App1 site all the content loads correctly.
What I want to do is get App1 user’s browser automatically authenticated with App2 and App3 by using private realm client from App1 (built in Laravel) and invoking a token-exchange request from user’s browser to get the session cookies created. token exchange works fine and I can see user’s session started in SSO console, however, I don’t get session cookies created in user’s browser, so App2 and App3 ask user to login when trying to access pages with that have their content in iframes.
I would appreciate any advise on how to makes this work and tips on why it’s not working.
I use below parameters and POST data to /realms/XXX/protocol/openid-connect/token
'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange',
'client_id' => 'portal',
'client_secret' => $clientSecret,
'subject_token' => $clientToken,
'requested_subject' => $userId,
'audience' => 'cc-private',
'scope' => 'profile email openid',