I have 2 clients(2 application) in one realm. Each client have their own roles that are assigned to their users. Now when I logged in to one application, that user is automatically logging in to another application even if that user does not have any role from second application. I don’t want keycloak to share user session with any application that role is not assigned to the user.
The applications need to valiate that the use has the correct roles, this is not done by keycloak. In keycloak the use has only one session ( otherwise single-sign-on/SSO would not work…).
1 Like