I think there are already 2 JIRA Issues that are related to this: https://issues.jboss.org/browse/KEYCLOAK-1509: Hide internal clients and roles https://issues.jboss.org/browse/KEYCLOAK-1838: Configure client visibillity Cheers, Thomas 2016-04-25 11:10 GMT+02:00 Thomas Raehalme < thomas.raehalme(a)aitiofinland.com&gt;: > +1 for the possibility to restrict users' access to specific clients. > Then you would not need to implement this common usecase in every client > separately. > > Best regards, > Thomas > On Apr 25, 2016 11:42 AM, "Stian Thorgersen" <sthorger(a)redhat.com&gt; wrote: > > This may actually we a valid use-case. Consider a setup where you have: > > * Two applications - one that support self-registration (let's call it > public-app) the other that only admins can give access to (let's call it > internal-app) > * Registration enabled - default roles only give access to the > public-app, but no roles for internal-app > > In the way it currently works the registration link is shown when user > comes from either app. However, the problem is that if a user visits > internal-app and clicks on register the user won't actually be able to > access the application afterwards. > > We could add an option that hides the registration link for certain > applications. In the example above if a user tries to go to "public-app" to > later register for "internal-app" the user won't be able to access the app. > There may even be a case for a further option that allows marking what > clients a user is allowed to access. If a user tries to login to an client > that the user doesn't have access to Keycloak could block the login. > > On 22 April 2016 at 23:15, Bill Burke <bburke(a)redhat.com&gt; wrote: > >> What's stopping somebody from visiting a client that allows >> registration, registering, then visiting the client that doesn't allow >> registration? >> >> THis is not soething we support >> >> >> On 4/22/2016 4:57 PM, Everson, David (MNIT) wrote: >> >> Hi, >> >> >> >> We have several clients within a single realm. Some of these clients >> allow for self user registration, others do not. >> >> >> >> The self user registration is enabled at the realm level. Is there a >> way to override the realm setting at a client level? >> >> >> >> What’s your recommendations for implementing these requirements? >> >> >> >> Using Keycloak 1.8.0.Final. >> >> >> >> Thanks, >> >> Dave >> >> >> >> >> >> *Dave Everson | * DIVISION OF ENVIRONMENTAL HEALTH >> >> MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH >> >> 651-201-5146 (w) *| * *david.everson(a)state.mn.us >> <david.everson(a)state.mn.us&gt;* >> >> *[image: cid:image001.jpg@01CE4005.70B223E0]* <http://www.mn.gov/oet> >> >> >> >> Information Technology for Minnesota Government *|* mn.gov/oet >> <http://www.mn.gov/oet> >> >> >> >> >> >> >> _______________________________________________ >> keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> -- >> Bill Burke >> JBoss, a division of Red Hathttp://bill.burkecentral.com >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >