I am new to this community and happy to meet you guys.
My use-case is the following: I need to connect two separate applications, allowing users already known to app1 to log into app2 with the same credentials. App1 is multi-tenant, so I need to somehow pass the tenant ID to the login (auth) link of Keycloak and then access this information from our custom User Storage SPI, so I can verify that the user belongs to that tenant. Usernames (or emails) alone are not unique.
I have searched a lot and haven’t found anything that seems to allow this. Parameters appended to the auth link are not forwarded after the user has entered his credentials.
Also, I want to only use a single client for all of this and avoid having to create a separate client for each tenant.
I hope I am making myself clear.
Does anyone know of a way to achieve this? I hope there is some Keycloak configuration for adding custom auth parameters that I haven’t found, but if that is not the case, maybe this can be solved via an SPI?
Thanks a lot for your input,
Regards,
Michael.