[keycloak-user] Configure authorization with SAML
Pedro Igor Silva
psilva at redhat.com
Mon Feb 4 07:46:02 EST 2019
Hi John,
Yes, there is no easy way to do that right now when using SAML. There is an
extension [1] though that works for OIDC.
I dunno if we are going to invest authorization in SAML, but you can open
an RFE and try to get votes from other interested parties.
Best regards.
Pedro Igor
[1] https://www.keycloak.org/extensions.html
On Sun, Feb 3, 2019 at 6:32 AM John Doe <fsf.eff at protonmail.com> wrote:
> Dear Keycloak users,
> First of all I would like to thank you for committing on this project.
>
> I configured Keycloak with FreeIPA. I have single realm in Keycloak
> (master realm) and All of my SAML clients are in this realm, Right now I
> want to limit access to "Weekdone.com SAML client" for certain users and as
> I searched I found out there is no authorization on SAML and it's under
> development, Can you please tell me about it's status?
>
> If it's not available right now, How can I implement it?
> Is it Ok if I create a "weekdone users" group in FreeIPA and create
> another realm in Keycloak and add weekdone SAML client to that realm?
>
> I think that makes a mess in the long-term but I found no other solution.
>
> References to this issue:
> http://lists.jboss.org/pipermail/keycloak-user/2017-September/011759.html
>
> https://www.reddit.com/r/selfhosted/comments/8ah2we/keycloak_authorization_services_for_saml/
>
> Best Regards.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list