
<div dir="ltr"><div>I think there are already 2 JIRA Issues that are related to this:<br></div><div><a href="https://issues.jboss.org/browse/KEYCLOAK-1509">https://issues.jboss.org/browse/KEYCLOAK-1509</a>: Hide internal clients and roles<br></div><div><a href="https://issues.jboss.org/browse/KEYCLOAK-1838">https://issues.jboss.org/browse/KEYCLOAK-1838</a>: Configure client visibillity<br></div><div><br></div><div>Cheers,</div><div>Thomas</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-04-25 11:10 GMT+02:00 Thomas Raehalme <span dir="ltr">&lt;<a href="mailto:thomas.raehalme@aitiofinland.com" target="_blank">thomas.raehalme@aitiofinland.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">+1 for the possibility to restrict users&#39; access to specific clients. Then you would not need to implement this common usecase in every client separately.</p>

<p dir="ltr">Best regards,<br>

Thomas</p><div class="HOEnZb"><div class="h5">

<div class="gmail_quote">On Apr 25, 2016 11:42 AM, &quot;Stian Thorgersen&quot; &lt;<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt; wrote:<br type="attribution"><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This may actually we a valid use-case. Consider a setup where you have:<div><br></div><div>* Two applications - one that support self-registration (let&#39;s call it public-app) the other that only admins can give access to (let&#39;s call it internal-app)</div><div>* Registration enabled - default roles only give access to the public-app, but no roles for internal-app</div><div><br></div><div>In the way it currently works the registration link is shown when user comes from either app. However, the problem is that if a user visits internal-app and clicks on register the user won&#39;t actually be able to access the application afterwards.</div><div><br></div><div>We could add an option that hides the registration link for certain applications. In the example above if a user tries to go to &quot;public-app&quot; to later register for &quot;internal-app&quot; the user won&#39;t be able to access the app. There may even be a case for a further option that allows marking what clients a user is allowed to access. If a user tries to login to an client that the user doesn&#39;t have access to Keycloak could block the login.</div></div><div><div class="gmail_extra"><br><div class="gmail_quote">On 22 April 2016 at 23:15, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  
  <div bgcolor="#FFFFFF" text="#000000">

    What&#39;s stopping somebody from visiting a client that allows

    registration, registering, then visiting the client that doesn&#39;t

    allow registration?<br>

    <br>

    THis is not soething we support<div><div><br>

    <br>

    <div>On 4/22/2016 4:57 PM, Everson, David

      (MNIT) wrote:<br>

    </div>

    </div></div><blockquote type="cite"><div><div>

      
      <div>

        <p class="MsoNormal">Hi, <u></u><u></u></p>

        <p class="MsoNormal"><u></u> <u></u></p>

        <p class="MsoNormal">We have several clients within a single

          realm.  Some of these clients allow for self user

          registration, others do not. 

          <u></u><u></u></p>

        <p class="MsoNormal"><u></u> <u></u></p>

        <p class="MsoNormal">The self user registration is enabled at

          the realm level.  Is there a way to override the realm setting

          at a client level? 

          <u></u><u></u></p>

        <p class="MsoNormal"><u></u> <u></u></p>

        <p class="MsoNormal">What’s your recommendations for

          implementing these requirements?<u></u><u></u></p>

        <p class="MsoNormal"><u></u> <u></u></p>

        <p class="MsoNormal">Using Keycloak 1.8.0.Final. <u></u><u></u></p>

        <p class="MsoNormal"><u></u> <u></u></p>

        <p class="MsoNormal">Thanks,<u></u><u></u></p>

        <p class="MsoNormal">Dave<u></u><u></u></p>

        <p class="MsoNormal"><u></u> <u></u></p>

        <p class="MsoNormal"><u></u> <u></u></p>

        <table style="width:421.75pt;border-collapse:collapse" border="0" cellpadding="0" cellspacing="0" width="562">

          <thead>

            <tr style="height:.2in">

              <td colspan="2" style="width:421.75pt;padding:2.9pt 1.45pt 2.9pt 1.45pt;height:.2in" valign="top" width="562">

                <p class="MsoNormal" style="line-height:115%"><b><span style="font-size:8.0pt;line-height:115%;text-transform:uppercase;letter-spacing:.2pt">Dave

                      Everson 

                      <span style="color:#990033">| </span></span></b><span style="font-size:8.0pt;line-height:115%;text-transform:uppercase"> DIVISION

                    OF ENVIRONMENTAL HEALTH<u></u><u></u></span></p>

                <p class="MsoNormal" style="line-height:115%"><span style="font-size:7.0pt;line-height:115%;text-transform:uppercase;letter-spacing:1.0pt"><a href="http://MN.IT" target="_blank">MN.IT</a>

                    Services

                    <span style="color:#990033">@ </span>mINNESOTA

                    dEPARTMENT OF hEALTH</span><span style="font-size:7.0pt;line-height:115%"><u></u><u></u></span></p>

                <p class="MsoNormal" style="margin-right:0in;margin-bottom:10.0pt;margin-left:0in;line-height:110%"><span style="font-size:7.0pt;line-height:110%"><a href="tel:651-201-5146" value="+16512015146" target="_blank">651-201-5146</a>

                    (w)  <b>| </b>   <u><a href="mailto:david.everson@state.mn.us" target="_blank"><span style="color:blue">david.everson@state.mn.us</span></a></u></span><span style="font-size:7.5pt;line-height:110%;color:#5c83b4;text-transform:uppercase;letter-spacing:1.0pt"><u></u><u></u></span></p>

              </td>

            </tr>

          </thead>

          <tbody>

            <tr style="height:1.1pt">

              <td style="width:99.95pt;padding:0in 0in 0in 0in;height:1.1pt" valign="bottom" width="133">

                <p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><a href="http://www.mn.gov/oet" target="_blank"><i><span style="font-size:8.0pt;line-height:115%;color:#5c83b4;letter-spacing:1.0pt;text-decoration:none"><img src="cid:part2.05040004.02040201@redhat.com" alt="cid:image001.jpg@01CE4005.70B223E0" border="0" height="43" width="117"></span></i></a><i><span style="font-size:8.0pt;line-height:115%;color:#5c83b4;letter-spacing:1.0pt"><u></u><u></u></span></i></p>

              </td>

              <td style="width:321.8pt;padding:0in 0in 0in 0in;height:1.1pt" valign="bottom" width="429">

                <p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><span style="font-size:8.0pt;line-height:115%"><u></u> <u></u></span></p>

                <p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><span style="font-size:8.0pt;line-height:115%">Information

                    Technology for Minnesota Government 

                  </span><span style="font-size:7.0pt;line-height:115%"> <b>|</b> 

                  </span><span style="font-size:8.0pt;line-height:115%;letter-spacing:1.0pt"> </span><a href="http://www.mn.gov/oet" target="_blank"><span style="font-size:8.0pt;line-height:115%;color:blue">mn.gov/oet</span></a><span style="font-size:8.0pt;line-height:115%;color:#5c83b4;letter-spacing:1.0pt"><u></u><u></u></span></p>

              </td>

            </tr>

          </tbody>

        </table>

        <p class="MsoNormal"><u></u> <u></u></p>

        <p class="MsoNormal"><u></u> <u></u></p>

      </div>

      <br>

      <fieldset></fieldset>

      <br>

      </div></div><pre>_______________________________________________

keycloak-user mailing list

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre><span><font color="#888888">

    </font></span></blockquote><span><font color="#888888">

    <br>

    <pre cols="72">-- 

Bill Burke

JBoss, a division of Red Hat

<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>

  </font></span></div>


<br>_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>

</div><br>_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div>

</div></div><br>_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>