Keycloak Authorizaion with SaaS - keycloak-user - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Keycloak Authorizaion with SaaS

Re: [keycloak-user] JAX-RS Backend...

Re: [keycloak-user] JAX-RS Backend...

Adam Keily

Thursday, 16 February 2017 Thu, 16 Feb '17

4:08 p.m.

Hi Guys, Just wondering if it's possible to do any implement any keycloak authorization controls for a SaaS app scenario where we don't have the ability to modify the application? e.g. We want to allow or deny access to an application based on role but no code can be added to the app.

Reply

Show replies by date

Bill Burke

Thursday, 16 February Thu, 16 Feb

5:16 p.m.

See Keycloak Proxy. We haven't really touched that code in years though. Instead we're recommending you proxy your app using Apache + mod-auth-mellon (SAML) or mod-auth-openidc (OIDC). On 2/16/17 5:08 PM, Adam Keily wrote:

Hi Guys, Just wondering if it's possible to do any implement any keycloak authorization controls for a SaaS app scenario where we don't have the ability to modify the application? e.g. We want to allow or deny access to an application based on role but no code can be added to the app. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Reply

Andy Stebbing

6:38 p.m.

Is it possible to use an SPI component to handle at least coarse grained authorisation? It can intercept the authentication to check the policy via the API? cheers andy On Thu, 2017-02-16 at 18:16 -0500, Bill Burke wrote:

See Keycloak Proxy. We haven't really touched that code in years though. Instead we're recommending you proxy your app using Apache + mod-auth-mellon (SAML) or mod-auth-openidc (OIDC). On 2/16/17 5:08 PM, Adam Keily wrote: > > Hi Guys, > > Just wondering if it's possible to do any implement any keycloak authorization controls for a SaaS app scenario where we don't have the ability to modify > the application? > > e.g. We want to allow or deny access to an application based on role but no code can be added to the app. > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Reply

2855

days inactive

2856

days old

keycloak-user@lists.jboss.org

Manage subscription

2 comments

3 participants

tags (0)

participants (3)

Adam Keily
Andy Stebbing
Bill Burke