If you use CIP to push the URI [1].
From your example, I understand that by default users have access to
POS.
For the primary store, they can do more. By pushing the URL (or only the
store id), you should be able to differentiate the scopes that should be
granted to primary vs secondary stores.
[1]
https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-authz-re...
On Fri, Dec 28, 2018 at 2:57 PM Warren, Scott <swarren(a)sumglobal.com> wrote:
Jumped the gun on that last response:
1. I can configure the policy enforcer with claim-information-point to
extract information from the request
2. Assuming I'm correct in that this information is not easily stored in
Keycloak, I need to set up an external Claim Information Point (CIP) either
as an HTTP service or by implementing the CIP SPI.
This seems like the most elegant path, though I really didn't want to
create a separate app and DB to maintain this data.
Any thoughts?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
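
An added example, not part of the thread or of the Keycloak quickstart linked above: a `policy-enforcer` fragment for the adapter's `keycloak.json` that uses a claim-information-point to push the request path and a store id to the server as claims, as the reply suggests. The `/stores/*` path, the `storeId` query parameter and the claim names `store.uri` and `store.id` are assumptions made for illustration.

```json
{
  "policy-enforcer": {
    "paths": [
      {
        "path": "/stores/*",
        "claim-information-point": {
          "claims": {
            "store.uri": "{request.relativePath}",
            "store.id": "{request.parameter['storeId']}"
          }
        }
      }
    ]
  }
}
```

A policy on the server can then read these claims from the evaluation context attributes and grant the additional scopes only when the pushed store is the user's primary one.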