Thank you Bill. If I want to restrict the access for my endpoint, for example:
- admin: can do anything: read, update, delete, create at my endpoints
(on UPS)
- regular user: read only
Which approach would be the best with KC? Interceptors? Servlet filter?
Or there's something already implemented?
On 2014-05-27, Bill Burke wrote:
Please check out the project here. IMO, this is how you'll want
to set
up aerogear:
https://github.com/keycloak/keycloak/tree/master/project-integrations/aer...
With aerogear, IMO, you'll want to remove the admin user of the master
realm. We added a feature that you can have a admin user directly in
your realm within the admin console. Please read this:
https://github.com/keycloak/keycloak/tree/master/project-integrations/aer...
The realm import enables an admin user with permissions to modify the
aerogear realm.
https://github.com/keycloak/keycloak/blob/master/project-integrations/aer...
On 5/27/2014 7:58 AM, Bruno Oliveira wrote:
> Good morning guys, following the requirements of Push server. We on
> AeroGear would like to restrict the scope of Admin.
>
> Following the integration samples here:
>
https://github.com/keycloak/keycloak/blob/master/project-integrations/aer....
>
> The downside of remove the admin is that we can't manage our users anymore
(correct me if I'm wrong).
> This is not a big deal if you add a new user or update the current admin with the
appropriate
> permissions. The odd thing is: after login I'm immediately kicked out of KC
> admin, probably I'm doing something wrong for sure, but I couldn't figure
> out yet.
>
> This is the piece of code being tested:
>
https://github.com/abstractj/aerogear-unifiedpush-server/commit/4814e75f1...
>
> And this is the log file:
>
https://gist.github.com/abstractj/eb75d6210eb29394d139. It seems like
> everything goes well here:
>
https://gist.github.com/abstractj/eb75d6210eb29394d139#file-log-txt-L5,
> but maybe I'm missing the mgmt configuration?
>
https://gist.github.com/abstractj/eb75d6210eb29394d139#file-log-txt-L7
>
> Thanks in advance.
>
> --
>
> abstractj
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev