Hi Torsten,
AFAIK this cannot be done out of the box. However, per [1],
At the moment there are two roles associated with the account
application:
* view-profile - retrive the user profile (produces json)
* manage-account - management the account (produces html, and
consumes forms)
(there's also manage-account-links now, but this is not important here)
Thus, you can revoke manage-account (but let view-profile) and create
your own profile page that would retrieve JSON and render it the way
you like.
[1]
http://lists.jboss.org/pipermail/keycloak-dev/2013-November/000678.
html
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info@acutus.pro
On Fri, 2018-07-06 at 14:04 +0200, Torsten Juergeleit wrote:
Hi everyone,
we have the requirement, that the users are not able to change their
account details (email, first name, last name) in Keycloak's account
client. We need read-only access to the admin client, so removing the
admin
client from the realm is not an option.
Is there any way to achieve this other than blocking any post to
"/auth/realms/<realm>/account/" in our reverse proxy?
Cheers,
Torsten
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user