[keycloak-user] Configure authorization with SAML
Pedro Igor Silva
psilva at redhat.com
Mon Feb 4 07:46:02 EST 2019
Yes, there is no easy way to do that right now when using SAML. There is an
extension  though that works for OIDC.
I dunno if we are going to invest authorization in SAML, but you can open
an RFE and try to get votes from other interested parties.
On Sun, Feb 3, 2019 at 6:32 AM John Doe <fsf.eff at protonmail.com> wrote:
> Dear Keycloak users,
> First of all I would like to thank you for committing on this project.
> I configured Keycloak with FreeIPA. I have single realm in Keycloak
> (master realm) and All of my SAML clients are in this realm, Right now I
> want to limit access to "Weekdone.com SAML client" for certain users and as
> I searched I found out there is no authorization on SAML and it's under
> development, Can you please tell me about it's status?
> If it's not available right now, How can I implement it?
> Is it Ok if I create a "weekdone users" group in FreeIPA and create
> another realm in Keycloak and add weekdone SAML client to that realm?
> I think that makes a mess in the long-term but I found no other solution.
> References to this issue:
> Best Regards.
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
More information about the keycloak-user