Hi there,
I want to integrate 2 different realms with a single spring-boot application and want the user of second realm to have the access for first realm… and can I do this from the application.properties file.
Any help would be great
I’m not sure I understand perfectly your question, but I think you can. I wrote spring-boot resource servers with users identified by two (or more) keycloak instances / realms.
What do you mean by “access for first realm”? As I see it, your 2 Keycloak realms are just identity providers. On the resource-server, what matters is the user identity. Who issued / certified this identity is of little importance (as long as it’s an authorization-server you trust).
To configure multi-tenant JWT security in spring, you should configure a JwtIssuerAuthenticationManagerResolver in your web security conf.
To do so from application.properties only, you can use spring-security-oauth2-webmvc-addons or spring-security-oauth2-webflux-addons instead of the keycloak spring adapters (which are deprecated) or spring-boot-starter-oauth2-resource-server.
I wrote spring-boot resource-servers, each accepting identities issued by several Keycloak instances / realms. In those apps, security rules are based on users identity (and roles and more). The access-token issuer is of little importance (as long as it is one of the configured “trusted” issuers).
For multi-tenancy, you should define a JwtIssuerAuthenticationManagerResolver (or ReactiveAuthenticationManagerResolver) in your web security conf. Sample here: spring-addons/ServletSecurityBeans.java at ffefd695b1fc7f36cc7d74c071940b960047c159 · ch4mpy/spring-addons · GitHub
This sample is taken from a lib that makes it super easy to configure spring-boot OpenID resource-servers: configure your two identity providers from properties only like you requested. Sample there: spring-addons/samples/tutorials/resource-server_with_oauthentication at master · ch4mpy/spring-addons · GitHub
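The multi-tenant setup both replies describe (a JwtIssuerAuthenticationManagerResolver in the web security config, with each Keycloak realm as a separate trusted issuer), as an added example that is not part of the thread and not taken from spring-addons. It assumes Spring Boot 3 / Spring Security 6 with spring-boot-starter-oauth2-resource-server on the classpath; the package name and the property key `app.security.trusted-issuers` are made up for the example, and the role mapping relies on Keycloak's standard `realm_access.roles` claim.

```java
// Added example (not from the thread or from spring-addons): a Spring Boot 3 / Spring Security 6
// resource server that accepts access tokens from several Keycloak realms.
package com.example.multitenant; // hypothetical package name

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class MultiRealmSecurityConfig {

    /**
     * One AuthenticationManager per trusted issuer. Every Keycloak realm has its own issuer URI
     * (https://host/realms/realm-name), so listing both realms is what lets a token minted by
     * the second realm be accepted. A token whose "iss" is not in the map resolves to null and
     * Spring Security rejects it with 401.
     */
    @Bean
    JwtIssuerAuthenticationManagerResolver authenticationManagerResolver(
            // Assumed property, e.g. in application.properties:
            // app.security.trusted-issuers=https://sso.example.com/realms/realm-a,https://sso.example.com/realms/realm-b
            @Value("${app.security.trusted-issuers}") List<String> trustedIssuers) {
        Map<String, AuthenticationManager> managers = new HashMap<>();
        for (String issuer : trustedIssuers) {
            // Downloads the realm's OpenID configuration and JWKS; the decoder then
            // validates signature, expiry and issuer of every token it sees.
            JwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuer);
            JwtAuthenticationProvider provider = new JwtAuthenticationProvider(decoder);
            provider.setJwtAuthenticationConverter(keycloakRolesConverter());
            managers.put(issuer, new ProviderManager(provider));
        }
        // The resolver reads the (still unverified) "iss" claim only to pick a manager;
        // that manager then verifies the signature against the matching realm's keys.
        return new JwtIssuerAuthenticationManagerResolver(managers::get);
    }

    @Bean
    SecurityFilterChain resourceServerFilterChain(HttpSecurity http,
            JwtIssuerAuthenticationManagerResolver resolver) throws Exception {
        http.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(resolver));
        // Stateless bearer-token API: no HTTP session, hence no CSRF token to protect.
        http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        http.csrf(csrf -> csrf.disable());
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/actuator/health").permitAll()
                .anyRequest().authenticated());
        return http.build();
    }

    /**
     * Maps Keycloak realm roles (claim realm_access.roles) to ROLE_* authorities, so that
     * rules such as @PreAuthorize("hasRole('admin')") work the same for users of either realm.
     */
    private static JwtAuthenticationConverter keycloakRolesConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(MultiRealmSecurityConfig::realmRoles);
        return converter;
    }

    private static Collection<GrantedAuthority> realmRoles(Jwt jwt) {
        Map<String, Object> realmAccess = jwt.getClaimAsMap("realm_access");
        if (realmAccess == null || !(realmAccess.get("roles") instanceof List<?> roles)) {
            return List.of(); // token without realm roles: authenticated, but no authorities
        }
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (Object role : roles) {
            authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
        }
        return authorities;
    }
}
```

With this in place, adding a realm is a change to the `app.security.trusted-issuers` property rather than to code; whether a user from the second realm may call a given endpoint is then decided by the authorities extracted from the token, not by which realm issued it.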