is about hiding clients
internal to Keycloak (realm management, account, etc..), not internal
applications.
On 25 April 2016 at 11:15, Thomas Darimont <thomas.darimont(a)googlemail.com>
wrote:
I think there are already 2 JIRA Issues that are related to this:
https://issues.jboss.org/browse/KEYCLOAK-1509: Hide internal clients and
roles
https://issues.jboss.org/browse/KEYCLOAK-1838: Configure client
visibillity
Cheers,
Thomas
2016-04-25 11:10 GMT+02:00 Thomas Raehalme <
thomas.raehalme(a)aitiofinland.com>:
> +1 for the possibility to restrict users' access to specific clients.
> Then you would not need to implement this common usecase in every client
> separately.
>
> Best regards,
> Thomas
> On Apr 25, 2016 11:42 AM, "Stian Thorgersen" <sthorger(a)redhat.com>
wrote:
>
> This may actually we a valid use-case. Consider a setup where you have:
>
> * Two applications - one that support self-registration (let's call it
> public-app) the other that only admins can give access to (let's call it
> internal-app)
> * Registration enabled - default roles only give access to the
> public-app, but no roles for internal-app
>
> In the way it currently works the registration link is shown when user
> comes from either app. However, the problem is that if a user visits
> internal-app and clicks on register the user won't actually be able to
> access the application afterwards.
>
> We could add an option that hides the registration link for certain
> applications. In the example above if a user tries to go to "public-app"
to
> later register for "internal-app" the user won't be able to access the
app.
> There may even be a case for a further option that allows marking what
> clients a user is allowed to access. If a user tries to login to an client
> that the user doesn't have access to Keycloak could block the login.
>
> On 22 April 2016 at 23:15, Bill Burke <bburke(a)redhat.com> wrote:
>
>> What's stopping somebody from visiting a client that allows
>> registration, registering, then visiting the client that doesn't allow
>> registration?
>>
>> THis is not soething we support
>>
>>
>> On 4/22/2016 4:57 PM, Everson, David (MNIT) wrote:
>>
>> Hi,
>>
>>
>>
>> We have several clients within a single realm. Some of these clients
>> allow for self user registration, others do not.
>>
>>
>>
>> The self user registration is enabled at the realm level. Is there a
>> way to override the realm setting at a client level?
>>
>>
>>
>> What’s your recommendations for implementing these requirements?
>>
>>
>>
>> Using Keycloak 1.8.0.Final.
>>
>>
>>
>> Thanks,
>>
>> Dave
>>
>>
>>
>>
>>
>> *Dave Everson | * DIVISION OF ENVIRONMENTAL HEALTH
>>
>> MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH
>>
>> 651-201-5146 (w) *| * *david.everson(a)state.mn.us
>> <david.everson(a)state.mn.us>*
>>
>> *[image: cid:image001.jpg@01CE4005.70B223E0]* <
http://www.mn.gov/oet>
>>
>>
>>
>> Information Technology for Minnesota Government *|*
mn.gov/oet
>> <
http://www.mn.gov/oet>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red
Hathttp://bill.burkecentral.com
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>