[keycloak-user] Restrict user's access to a subset of realm's clients
Marek Posolda
mposolda at redhat.com
Tue Sep 13 03:27:25 EDT 2016
Look at the "scope" tab for particular client in admin console. You need
to uncheck "Full scope allowed" and then select requested scopes. The
resulting roles in the token are the intersection of user's roles +
client's scoped roles.
Marek
On 13/09/16 08:48, Andy Yar wrote:
> Hello,
> I'm wondering, is there a way how to restrict certain clients in a
> realm for a given user?
>
> Of course, I can map roles to user and check them in each application.
> However, it seems like it might be easier to perform directly on
> Keycloak side.
>
> What is the correct way how to achieve that?
>
> Thanks in advance.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160913/c8817ce8/attachment-0001.html
More information about the keycloak-user
mailing list