[keycloak-user] Custom Authorization in Keycloak

Dear Keycloak Community, we are evaluating Keycloak and have the use that that we cannot migrate authorization information (roles, permissions, ...) to Keycloak. We have this information stored in a legacy database. Is it possible to write an extension to Keycloak which handles with authorization decisions there? It would load our roles and permissions, etc. and decide if it grants access to the user or client being present. I know about the extension mechanism on writing custom User Store providers but I'm not sure if this is the right place to do that for authorization information as well? Thank you for any help, Best regard, Herbert? Herbert Mühlburger Senior System Engineer [http://signature.bearingpoint.com/BrP_Logo.png] T +43 316 8003 F +43 316 8003 1080 BearingPoint Seering 6, Block B 8141 Premstätten Austria herbert.muehlburger(a)bearingpoint.com <mailto:herbert.muehlburger@bearingpoint.com> www.bearingpoint.com<http://www.bearingpoint.com/> ________________________________ BearingPoint Technology GmbH Sitz: Premstätten bei Graz Firmenbuchgericht: Landesgericht für ZRS Graz Firmenbuchnummer: FN 44354b The information in this email is confidential and may be legally privileged. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.