Hi John,
Yes, there is no easy way to do that right now when using SAML. There is an
extension [1] though that works for OIDC.
I dunno if we are going to invest in authorization in SAML, but you can open
an RFE and try to get votes from other interested parties.
Best regards.
Pedro Igor
[1] https://www.keycloak.org/extensions.html
On Sun, Feb 3, 2019 at 6:32 AM John Doe <fsf.eff(a)protonmail.com> wrote:
Dear Keycloak users,
First of all I would like to thank you for committing to this project.
I configured Keycloak with FreeIPA. I have a single realm in Keycloak
(master realm) and all of my SAML clients are in this realm. Right now I
want to limit access to "Weekdone.com SAML client" for certain users and as
I searched I found out there is no authorization on SAML and it's under
development. Can you please tell me about its status?
If it's not available right now, how can I implement it?
Is it OK if I create a "weekdone users" group in FreeIPA and create
another realm in Keycloak and add the weekdone SAML client to that realm?
I think that makes a mess in the long term but I found no other solution.
References to this issue:
http://lists.jboss.org/pipermail/keycloak-user/2017-September/011759.html
https://www.reddit.com/r/selfhosted/comments/8ah2we/keycloak_authorizatio...
Best Regards.