[keycloak-user] OIDC / SAML client access restriction

Steeve C steevechailloux at gmail.com
Fri Sep 20 06:32:23 EDT 2019


Hi,

I'm looking for a way to restrict user access to a given OIDC (and / or
SAML) client for a given realm. I've tried to configure it using the OIDC
"Authorization" feature by modifying the "Default policy" JS code to:

```
$evaluation.deny();
```
But without success; users are still able to connect to the client.
I've also tried to create a client role, but even if the user doesn't have
this role he can log in to the application.

Can you confirm that it is possible to restrict user login access to
given user(s) / group(s) at the IdP level (Keycloak) without modifying the
client (like without checking which role the user has)?

If it's possible, then could you explain to me which process I should use?
(It's not very clear to me at the moment.)

Thanks,
Steeve

