[keycloak-user] Group policy for authorization.

Hübner, Bettina Bettina.Huebner at kvbawue.de
Wed Jun 14 06:57:14 EDT 2017 

Addition:
A group policy will be added to keycloak: https://issues.jboss.org/browse/KEYCLOAK-3168




-----Ursprüngliche Nachricht-----
Von: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] Im Auftrag von Hübner, Bettina
Gesendet: Mittwoch, 14. Juni 2017 09:16
An: 'rafterjiang'
Cc: 'keycloak-user at lists.jboss.org'
Betreff: Re: [keycloak-user] Group policy for authorization.

Hi R,

you can use a Group Mapper to add the group to the access token and then create a JavaScript Policy that checks the group membership.

E.g. when using 'group' as 'Token Claim Name' property of the group mapper

var identity = $evaluation.getContext().getIdentity();
var attributes = identity.getAttributes();
var n = attributes.getValue('group').size();
 
for (i = 0; i < n; i++) {
  var group = attributes.getValue('group').asString(i);
  if (group == "name of group needed to acces the resource") {
    $evaluation.grant();
  }
}


Regards
Bettina




-----Ursprüngliche Nachricht-----
Von: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] Im Auftrag von rafterjiang
Gesendet: Dienstag, 13. Juni 2017 19:42
An: keycloak-user at lists.jboss.org
Betreff: [keycloak-user] Group policy for authorization.

Hello,

Is there a *group policy *that we can use for authorization? This way we can
simply add new user to the group that we have created and the user can
automatically gain access to the resource. 

Right now we have to create policy for every single new user and assign to
the resource.

Thanks,
R



--
View this message in context: http://keycloak-user.88327.x6.nabble.com/Group-policy-for-authorization-tp3940.html
Sent from the keycloak-user mailing list archive at Nabble.com.
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list