4:15 a.m.
I think there are already 2 JIRA Issues that are related to this:
https://issues.jboss.org/browse/KEYCLOAK-1509: Hide internal clients and
roles
https://issues.jboss.org/browse/KEYCLOAK-1838: Configure client visibillity
Cheers,
Thomas
2016-04-25 11:10 GMT+02:00 Thomas Raehalme <thomas.raehalme(a)aitiofinland.com
:
+1 for the possibility to restrict users' access to specific
clients. Then
you would not need to implement this common usecase in every client
separately.
Best regards,
Thomas
On Apr 25, 2016 11:42 AM, "Stian Thorgersen" <sthorger(a)redhat.com>
wrote:
This may actually we a valid use-case. Consider a setup where you have:
* Two applications - one that support self-registration (let's call it
public-app) the other that only admins can give access to (let's call it
internal-app)
* Registration enabled - default roles only give access to the public-app,
but no roles for internal-app
In the way it currently works the registration link is shown when user
comes from either app. However, the problem is that if a user visits
internal-app and clicks on register the user won't actually be able to
access the application afterwards.
We could add an option that hides the registration link for certain
applications. In the example above if a user tries to go to "public-app" to
later register for "internal-app" the user won't be able to access the
app.
There may even be a case for a further option that allows marking what
clients a user is allowed to access. If a user tries to login to an client
that the user doesn't have access to Keycloak could block the login.
On 22 April 2016 at 23:15, Bill Burke <bburke(a)redhat.com> wrote:
> What's stopping somebody from visiting a client that allows registration,
> registering, then visiting the client that doesn't allow registration?
>
> THis is not soething we support
>
>
> On 4/22/2016 4:57 PM, Everson, David (MNIT) wrote:
>
> Hi,
>
>
>
> We have several clients within a single realm. Some of these clients
> allow for self user registration, others do not.
>
>
>
> The self user registration is enabled at the realm level. Is there a way
> to override the realm setting at a client level?
>
>
>
> What’s your recommendations for implementing these requirements?
>
>
>
> Using Keycloak 1.8.0.Final.
>
>
>
> Thanks,
>
> Dave
>
>
>
>
>
> *Dave Everson | * DIVISION OF ENVIRONMENTAL HEALTH
>
> MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH
>
> 651-201-5146 (w) *| * *david.everson(a)state.mn.us
> <david.everson(a)state.mn.us>*
>
> *[image: cid:image001.jpg@01CE4005.70B223E0]* <http://www.mn.gov/oet>
>
>
>
> Information Technology for Minnesota Government *|* mn.gov/oet
> <http://www.mn.gov/oet>
>
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
> Bill Burke
> JBoss, a division of Red Hathttp://bill.burkecentral.com
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user