Re: [keycloak-user] Fwd: Multi-tiered Permissions

Jumped the gun on that last response: 1. I can configure the policy enforcer with claim-information-point to extract information from the request 2. Assuming I'm correct in that this information is not easily stored in Keycloak, I need to set up an external Claim Information Point (CIP) either as an HTTP service or by implementing the CIP SPI. This seems like the most elegant path, though I really didn't want to create a separate app and DB to maintain this data. Any thoughts?