This may actually we a valid use-case. Consider a setup where you have:
* Two applications - one that support self-registration (let's call it
public-app) the other that only admins can give access to (let's call it
internal-app)
* Registration enabled - default roles only give access to the public-app,
but no roles for internal-app
In the way it currently works the registration link is shown when user
comes from either app. However, the problem is that if a user visits
internal-app and clicks on register the user won't actually be able to
access the application afterwards.
We could add an option that hides the registration link for certain
applications. In the example above if a user tries to go to "public-app" to
later register for "internal-app" the user won't be able to access the app.
There may even be a case for a further option that allows marking what
clients a user is allowed to access. If a user tries to login to an client
that the user doesn't have access to Keycloak could block the login.
On 22 April 2016 at 23:15, Bill Burke <bburke(a)redhat.com> wrote:
What's stopping somebody from visiting a client that allows
registration,
registering, then visiting the client that doesn't allow registration?
THis is not soething we support
On 4/22/2016 4:57 PM, Everson, David (MNIT) wrote:
Hi,
We have several clients within a single realm. Some of these clients
allow for self user registration, others do not.
The self user registration is enabled at the realm level. Is there a way
to override the realm setting at a client level?
What’s your recommendations for implementing these requirements?
Using Keycloak 1.8.0.Final.
Thanks,
Dave
*Dave Everson | * DIVISION OF ENVIRONMENTAL HEALTH
MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH
651-201-5146 (w) *| * *david.everson(a)state.mn.us
<david.everson(a)state.mn.us>*
*[image: cid:image001.jpg@01CE4005.70B223E0]* <
http://www.mn.gov/oet>
Information Technology for Minnesota Government *|*
mn.gov/oet
<
http://www.mn.gov/oet>
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red
Hathttp://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user