Re: [keycloak-user] Block login attempt from specific role
It's not allowed OOTB. Maybe it is possible with Script authenticator,
but not 100% sure.
But TBH I wouldn't use the approach like that to reject it even at login
side. As role mappings is typically not about authentication, but about
authorization. So the more correct approach is to let the authentication
to finish and then, once user is redirected back to the application, let
the error to be displayed here (Some page with the "Forbidden" message
and 403 error). User will be then authenticated, so in case that he
access R1, he will be authenticated automatically due the SSO and won't
need to reauthenticate.
Marek
On 09/08/18 10:36, Andreas Kull wrote:
I have one realm which contains two clients A1, A2 and two roles
R1, R2.
R1 can access A1 and A2
R2 should only be able to access A2
Is it possible way to disallow the login of R2 in A1 directly on the
Keycloak login page?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user