https://issues.jboss.org/browse/KEYCLOAK-1509 is about hiding clients internal to Keycloak (realm management, account, etc..), not internal applications.

On 25 April 2016 at 11:15, Thomas Darimont <thomas.darimont@googlemail.com> wrote:
I think there are already 2 JIRA Issues that are related to this:
https://issues.jboss.org/browse/KEYCLOAK-1509: Hide internal clients and roles
https://issues.jboss.org/browse/KEYCLOAK-1838: Configure client visibillity

Cheers,
Thomas

2016-04-25 11:10 GMT+02:00 Thomas Raehalme <thomas.raehalme@aitiofinland.com>:

+1 for the possibility to restrict users' access to specific clients. Then you would not need to implement this common usecase in every client separately.

Best regards,
Thomas

On Apr 25, 2016 11:42 AM, "Stian Thorgersen" <sthorger@redhat.com> wrote:
This may actually we a valid use-case. Consider a setup where you have:

* Two applications - one that support self-registration (let's call it public-app) the other that only admins can give access to (let's call it internal-app)
* Registration enabled - default roles only give access to the public-app, but no roles for internal-app

In the way it currently works the registration link is shown when user comes from either app. However, the problem is that if a user visits internal-app and clicks on register the user won't actually be able to access the application afterwards.

We could add an option that hides the registration link for certain applications. In the example above if a user tries to go to "public-app" to later register for "internal-app" the user won't be able to access the app. There may even be a case for a further option that allows marking what clients a user is allowed to access. If a user tries to login to an client that the user doesn't have access to Keycloak could block the login.

On 22 April 2016 at 23:15, Bill Burke <bburke@redhat.com> wrote:
What's stopping somebody from visiting a client that allows registration, registering, then visiting the client that doesn't allow registration?

THis is not soething we support


On 4/22/2016 4:57 PM, Everson, David (MNIT) wrote:

Hi,

 

We have several clients within a single realm.  Some of these clients allow for self user registration, others do not. 

 

The self user registration is enabled at the realm level.  Is there a way to override the realm setting at a client level? 

 

What’s your recommendations for implementing these requirements?

 

Using Keycloak 1.8.0.Final.

 

Thanks,

Dave

 

 

Dave Everson  |  DIVISION OF ENVIRONMENTAL HEALTH

MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH

651-201-5146 (w)  |    david.everson@state.mn.us

cid:image001.jpg@01CE4005.70B223E0

 

Information Technology for Minnesota Government   |   mn.gov/oet

 

 



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user