[keycloak-user] Give access to his account to a client
François Gourrier
francois.gourrier at libre-logic.fr
Thu Mar 7 11:35:27 EST 2019
Hello everyone,
i find the anwser by myself to my question.
I followed the instructions given for "fine grained permissions" here: https://www.keycloak.org/docs/latest/server_admin/index.html#_fine_grain_permissions
But I do not have the expected result.
Here is my configuration :
- I created a group "admin" and gave it the role "query-client" on the client "realm-management" of the kingdom concerned
- For the client "Test" for which I wish to give access (for management) to a dedicated user, I created a policy with the right to manage for the group concerned "admin", via the "permissions" tab.
- I added the relevant user "Test" in this group "admin.
And the result is: "Forbidden.You do not have access to the requested resource" ...
If I add the role "view-ream" to the group "admin" on the client "realm-management" of the kingdom concerned, it's OK, but the user "test" also reads the whole configuration of the kingdom, which is not desirable.
Did I miss something?
thank you in advance
----- Mail original -----
De: "Francois Gourrier" <francois.gourrier at libre-logic.fr>
À: keycloak-user at lists.jboss.org
Envoyé: Mercredi 27 Février 2019 15:59:33
Objet: [keycloak-user] Give access to his account to a client
Hello everyone,
we are currently using keycloak. We created several clients on a realm. To simplify the management of URIs, we would like to give the management of his account to each client.
T he REST API allows to modify the account but it is not necessary that a customer can go to see the configuration of the other customers, which is nevertheless possible if he has the rights of access to the service (unless one can restrict access to a client).
Another track would be that a customer connects to his account via the back office.
A track to meet the need?
Thank you in advance.
François GOURRIER
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list