<div dir="ltr">In that case I'd say you should rather not deploy the admin endpoints at all and instead add your own custom endpoints.</div><div class="gmail_extra"><br><div class="gmail_quote">On 27 November 2015 at 11:08, Bystrik Horvath <span dir="ltr"><<a href="mailto:bystrik.horvath@gmail.com" target="_blank">bystrik.horvath@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello everyone,<div><br></div><div>I would like to limit the functionality of the admin REST API to the calling user/application. </div><div>The motivation is not to expose the "internals" of keycloak and put some logic between the calling app and admin REST API.</div><div>My idea was to create a simple web application deployed at keycloak server that belongs to the same realm as calling application and realm management application. </div><div>Would you recommend that approach? Or is there anything more suitable (e.g.: implement it as a keycloak valve... etc.)?</div><div><br></div><div>Thank you for your opinions.</div><div><br></div><div>Best regards,</div><div>Bystrik</div><div><br></div><div><br></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>