<div dir="ltr"><div>I think there are already 2 JIRA Issues that are related to this:<br></div><div><a href="https://issues.jboss.org/browse/KEYCLOAK-1509">https://issues.jboss.org/browse/KEYCLOAK-1509</a>: Hide internal clients and roles<br></div><div><a href="https://issues.jboss.org/browse/KEYCLOAK-1838">https://issues.jboss.org/browse/KEYCLOAK-1838</a>: Configure client visibillity<br></div><div><br></div><div>Cheers,</div><div>Thomas</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-04-25 11:10 GMT+02:00 Thomas Raehalme <span dir="ltr">&lt;<a href="mailto:thomas.raehalme@aitiofinland.com" target="_blank">thomas.raehalme@aitiofinland.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">+1 for the possibility to restrict users&#39; access to specific clients. Then you would not need to implement this common usecase in every client separately.</p>
<p dir="ltr">Best regards,<br>
Thomas</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Apr 25, 2016 11:42 AM, &quot;Stian Thorgersen&quot; &lt;<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt; wrote:<br type="attribution"><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This may actually we a valid use-case. Consider a setup where you have:<div><br></div><div>* Two applications - one that support self-registration (let&#39;s call it public-app) the other that only admins can give access to (let&#39;s call it internal-app)</div><div>* Registration enabled - default roles only give access to the public-app, but no roles for internal-app</div><div><br></div><div>In the way it currently works the registration link is shown when user comes from either app. However, the problem is that if a user visits internal-app and clicks on register the user won&#39;t actually be able to access the application afterwards.</div><div><br></div><div>We could add an option that hides the registration link for certain applications. In the example above if a user tries to go to &quot;public-app&quot; to later register for &quot;internal-app&quot; the user won&#39;t be able to access the app. There may even be a case for a further option that allows marking what clients a user is allowed to access. If a user tries to login to an client that the user doesn&#39;t have access to Keycloak could block the login.</div></div><div><div class="gmail_extra"><br><div class="gmail_quote">On 22 April 2016 at 23:15, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    What&#39;s stopping somebody from visiting a client that allows
    registration, registering, then visiting the client that doesn&#39;t
    allow registration?<br>
    <br>
    THis is not soething we support<div><div><br>
    <br>
    <div>On 4/22/2016 4:57 PM, Everson, David
      (MNIT) wrote:<br>
    </div>
    </div></div><blockquote type="cite"><div><div>
      
      
      
      
      <div>
        <p class="MsoNormal">Hi, <u></u><u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <p class="MsoNormal">We have several clients within a single
          realm.  Some of these clients allow for self user
          registration, others do not. 
          <u></u><u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <p class="MsoNormal">The self user registration is enabled at
          the realm level.  Is there a way to override the realm setting
          at a client level? 
          <u></u><u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <p class="MsoNormal">What’s your recommendations for
          implementing these requirements?<u></u><u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <p class="MsoNormal">Using Keycloak 1.8.0.Final. <u></u><u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <p class="MsoNormal">Thanks,<u></u><u></u></p>
        <p class="MsoNormal">Dave<u></u><u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <table style="width:421.75pt;border-collapse:collapse" border="0" cellpadding="0" cellspacing="0" width="562">
          <thead>
            <tr style="height:.2in">
              <td colspan="2" style="width:421.75pt;padding:2.9pt 1.45pt 2.9pt 1.45pt;height:.2in" valign="top" width="562">
                <p class="MsoNormal" style="line-height:115%"><b><span style="font-size:8.0pt;line-height:115%;text-transform:uppercase;letter-spacing:.2pt">Dave
                      Everson 
                      <span style="color:#990033">| </span></span></b><span style="font-size:8.0pt;line-height:115%;text-transform:uppercase"> DIVISION
                    OF ENVIRONMENTAL HEALTH<u></u><u></u></span></p>
                <p class="MsoNormal" style="line-height:115%"><span style="font-size:7.0pt;line-height:115%;text-transform:uppercase;letter-spacing:1.0pt"><a href="http://MN.IT" target="_blank">MN.IT</a>
                    Services
                    <span style="color:#990033">@ </span>mINNESOTA
                    dEPARTMENT OF hEALTH</span><span style="font-size:7.0pt;line-height:115%"><u></u><u></u></span></p>
                <p class="MsoNormal" style="margin-right:0in;margin-bottom:10.0pt;margin-left:0in;line-height:110%"><span style="font-size:7.0pt;line-height:110%"><a href="tel:651-201-5146" value="+16512015146" target="_blank">651-201-5146</a>
                    (w)  <b>| </b>   <u><a href="mailto:david.everson@state.mn.us" target="_blank"><span style="color:blue">david.everson@state.mn.us</span></a></u></span><span style="font-size:7.5pt;line-height:110%;color:#5c83b4;text-transform:uppercase;letter-spacing:1.0pt"><u></u><u></u></span></p>
              </td>
            </tr>
          </thead>
          <tbody>
            <tr style="height:1.1pt">
              <td style="width:99.95pt;padding:0in 0in 0in 0in;height:1.1pt" valign="bottom" width="133">
                <p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><a href="http://www.mn.gov/oet" target="_blank"><i><span style="font-size:8.0pt;line-height:115%;color:#5c83b4;letter-spacing:1.0pt;text-decoration:none"><img src="cid:part2.05040004.02040201@redhat.com" alt="cid:image001.jpg@01CE4005.70B223E0" border="0" height="43" width="117"></span></i></a><i><span style="font-size:8.0pt;line-height:115%;color:#5c83b4;letter-spacing:1.0pt"><u></u><u></u></span></i></p>
              </td>
              <td style="width:321.8pt;padding:0in 0in 0in 0in;height:1.1pt" valign="bottom" width="429">
                <p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><span style="font-size:8.0pt;line-height:115%"><u></u> <u></u></span></p>
                <p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><span style="font-size:8.0pt;line-height:115%">Information
                    Technology for Minnesota Government 
                  </span><span style="font-size:7.0pt;line-height:115%"> <b>|</b> 
                  </span><span style="font-size:8.0pt;line-height:115%;letter-spacing:1.0pt"> </span><a href="http://www.mn.gov/oet" target="_blank"><span style="font-size:8.0pt;line-height:115%;color:blue">mn.gov/oet</span></a><span style="font-size:8.0pt;line-height:115%;color:#5c83b4;letter-spacing:1.0pt"><u></u><u></u></span></p>
              </td>
            </tr>
          </tbody>
        </table>
        <p class="MsoNormal"><u></u> <u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre><span><font color="#888888">
    </font></span></blockquote><span><font color="#888888">
    <br>
    <pre cols="72">-- 
Bill Burke
JBoss, a division of Red Hat
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
  </font></span></div>

<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</div><br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div>
</div></div><br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>