[keycloak-dev] Pushing Claims from Policy Enforcer
Stian Thorgersen
sthorger at redhat.com
Fri Apr 6 00:41:14 EDT 2018
Sounds like a nice addition to me. I pressume the RPT endpoint already has
support for the server-side part?
On 5 April 2018 at 16:41, Pedro Igor Silva <psilva at redhat.com> wrote:
> Hi,
>
> I'm currently working on https://issues.jboss.org/browse/KEYCLOAK-4903.
>
> This is all about allowing applications to push arbitrary claims to
> Keycloak prior to evaluating permissions on the server. A simple example to
> illustrate the idea: a request arrives you extract what you want from there
> (parameters, headers, etc) and "push" the information from the request as
> claims in order to evaluate your permissions.
>
> There are endless possibilities on what you can push and how.
>
> >From a design perspective, I was thinking about providing a SPI on the
> adapter side (as simple as using ServiceLoader) to load built-in and
> user-defined "claim information points". Examples of built-in
> implementations would be:
>
> * Extract parameters
> * Extract headers
> * Extract path parameters
> * Extract cookies
> * Invoke an external "policy information point"
>
> What do you think ?
>
> Regards.
> Pedro Igor
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list