[keycloak-user] Keycloak AuthZ Client - Link resource/scope to policy/permission via API

Pedro Igor Craveiro e Silva psilva at redhat.com
Wed Oct 19 07:08:16 EDT 2016


On Wed, 2016-10-19 at 06:26 +0000, FREIMUELLER Christian wrote:
> Thanks, Pedro for the information - that helped me a lot. 
> 
> I will try to achieve this with the Admin Client API - I think you
> are referring to the clients CRUD API, aren't you?
> 
> When is the improvement on the client API and REST API planned? ->
> the mentioned ticket below is currently without a proposed fix
> version...

No dates yet. Need to talk with Stian and review the roadmap for Authz
Services ... It is a priority, but we do have other things going on
right now.

> 
> Kind regards,
> Christian
> 
> -----Original Message-----
> From: Pedro Igor Craveiro e Silva [mailto:psilva at redhat.com> Sent: 18 October 2016 16:34
> To: FREIMUELLER Christian; keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Keycloak AuthZ Client - Link
> resource/scope to policy/permission via API
> 
> Hi Christian.
> 
> Currently we don't support that, but we have KEYCLOAK-3135 [1] which
> I
> think is related with what you are looking for.
> 
> Actually, you can already do that via Keycloak Admin Client API, but
> we
> would like to come up with a better Client API and REST API for that.
> 
> Our roadmap includes not only URI protection, but also other uses
> cases
> supported by UMA.
> 
> [1] https://issues.jboss.org/browse/KEYCLOAK-3135
> 
> On Tue, 2016-10-18 at 14:11 +0000, FREIMUELLER Christian wrote:
> > 
> > Dear all,
> > 
> > I've a question regarding the authZ client.
> > 
> > Is there a way to connect the resources created with the client
> > with
> > policies/permissions via the API, or is there only the HMI (Admin
> > Console) to make this connection?
> > 
> > The thing is we would like to use Keycloak for defining the access
> > rights on thousands of resources (objects like database entries,
> > files) and it would be very cumbersome to do this by hand for each
> > single resource.
> > 
> > Or is this authorization service meant to be used in another way
> > (protecting URI for applications) only?
> > 
> > Best regards,
> > Christian
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> -- 
> Pedro Igor
-- 
Pedro Igor


More information about the keycloak-user mailing list