Hi,
I would suggest playing with Keycloak standalone by following
https://medium.com/@bcarunmail/securing-rest-api-using-keycloak-and-sprin...
And if you want to integrate your application using Keycloak adapters, please follow the
quick-start example for your requirement from
https://github.com/keycloak/keycloak-quickstarts.
You can also follow the official Keycloak documentation:
https://www.keycloak.org/docs/7.0/authorization_services/
From: Tumenjargal B <b.tume(a)yahoo.com>
Sent: 16 November 2019 10:15
To: Sushil Singh <sushil.singh(a)guavus.com>
Subject: Re: [keycloak-user] Fw: Associating a REST api end point to multiple resources in
Keycloak in Policy Enforcer
Thank you very much Sushil,
You've helped a lot. One question: I can't find any example or production case. How
do I search for examples or config files?
On Friday, November 15, 2019, 06:42:48 PM GMT+8, Sushil Singh
<sushil.singh(a)guavus.com> wrote:
Based on my understanding,
in Keycloak whatever you want to protect is a Resource.
In your case Resources will be created based on Organizations.
Organization (Resources)
Example:
/org/O1
/org/O2
/org/O3
/org/O4
So create two roles and associate policies with them:
1. Account-role [assign Account-role to the users / groups whom you want to give
multiple access]
2. General-role [assign General-role to users / groups whom you don't want to give
organization]
So you can create a Role-based policy and attach that policy to the permission.
You can associate the Resource with a Permission and associate the Permission with the
above Policies.
Check out these links to get an overview of how to manage resources, policies and
permissions:
https://www.keycloak.org/docs/latest/authorization_services/index.html#_r...
https://www.keycloak.org/docs/latest/authorization_services/index.html#_p...
https://www.keycloak.org/docs/latest/authorization_services/index.html#_p...
Thanks
Sushil
________________________________
From: Tumenjargal B <b.tume(a)yahoo.com>
Sent: 15 November 2019 15:39
To: Stian Thorgersen <sthorger(a)redhat.com>; Pedro Igor Silva
<psilva(a)redhat.com>; Sushil Singh <sushil.singh(a)guavus.com>
Subject: Re: [keycloak-user] Fw: Associating a REST api end point to multiple resources in
Keycloak in Policy Enforcer
Hello dears,
I want to integrate an old system with Keycloak. A user has many organizations.
In my case, users have Account and General account positions. An Account position works
with many organizations. How do I integrate Keycloak? How do I save a user's organization
data in Keycloak?
Thank you
On Friday, November 15, 2019, 05:52:03 PM GMT+8, Sushil Singh
<sushil.singh(a)guavus.com> wrote:
________________________________
From: Sushil Singh <sushil.singh@guavus.com>
Sent: 15 November 2019 15:14
To: Vishnu Prakash <vishnuprakash323@gmail.com>; Pedro Igor Silva <psilva@redhat.com>;
Stian Thorgersen <sthorger@redhat.com>
Subject: Re: [keycloak-user] Associating a REST api end point to multiple resources in
Keycloak in Policy Enforcer
Hi,
I think the use case is similar to what I am proposing.
@Vishnu Prakash
I have also proposed to impose custom policy-enforcement on a set of resources.
https://github.com/keycloak/keycloak/pull/6448
KEYCLOAK-11300 : Creating CustomEnforcer functionality for spring adapters (Pull Request
#6448, keycloak/keycloak)
https://issues.jboss.org/browse/KEYCLOAK-11300
Where the user can specify a Map<Resource, Set<scopes>> and it will evaluate to a
positive result only if it satisfies permission for all resources in the Map.
Currently I don't think this functionality is available in Keycloak.
Thanks,
Sushil
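
The all-of check described in the message above (a Map<Resource, Set<scopes>> that passes only when every entry is permitted), shown as an added example using the /org/O1 style resource names that appear elsewhere in this thread. It is not code from the thread or from pull request #6448; the class, method and scope names are hypothetical, and it assumes the RPT has already been signature-verified and its `authorization.permissions` claim decoded into objects.

```java
import java.util.*;

// Added illustration; names are hypothetical, not Keycloak or PR #6448 code.
public class AllResourcesCheck {

    // One entry of the "authorization.permissions" claim of an already verified RPT.
    static final class Granted {
        final String rsname;
        final Set<String> scopes;
        Granted(String rsname, String... scopes) {
            this.rsname = rsname;
            this.scopes = new HashSet<>(Arrays.asList(scopes));
        }
    }

    // Returns the required resource/scope pairs the token does NOT cover.
    // An empty result means every resource in the map is permitted (all-of semantics).
    // An empty "required" map also yields an empty result, so callers should reject it.
    static Map<String, Set<String>> missing(Map<String, Set<String>> required,
                                            List<Granted> granted) {
        Map<String, Set<String>> have = new HashMap<>();
        for (Granted g : granted) {
            have.computeIfAbsent(g.rsname, k -> new HashSet<>()).addAll(g.scopes);
        }
        Map<String, Set<String>> missing = new TreeMap<>();
        for (Map.Entry<String, Set<String>> e : required.entrySet()) {
            Set<String> heldScopes = have.get(e.getKey());
            if (heldScopes == null) {   // resource absent: deny even if no scope is required
                missing.put(e.getKey(), e.getValue());
                continue;
            }
            Set<String> lacking = new TreeSet<>(e.getValue());
            lacking.removeAll(heldScopes);
            if (!lacking.isEmpty()) missing.put(e.getKey(), lacking);
        }
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample data: one endpoint that needs two organization resources.
        Map<String, Set<String>> required = new HashMap<>();
        required.put("/org/O1", Set.of("view"));
        required.put("/org/O2", Set.of("view", "edit"));
        List<Granted> token = List.of(new Granted("/org/O1", "view"),
                                      new Granted("/org/O2", "view"));
        Map<String, Set<String>> gaps = missing(required, token);
        System.out.println(gaps.isEmpty() ? "GRANT" : "DENY, missing " + gaps);
    }
}
```

Returning the uncovered pairs instead of a bare boolean lets the resource server log exactly which resource or scope caused the denial.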
________________________________
From: keycloak-user-bounces@lists.jboss.org <keycloak-user-bounces@lists.jboss.org>
on behalf of Vishnu Prakash <vishnuprakash323@gmail.com>
Sent: 15 November 2019 10:01
To: keycloak-user <keycloak-user@lists.jboss.org>
Subject: [keycloak-user] Associating a REST api end point to multiple resources in
Keycloak in Policy Enforcer
Hi,
I want to protect my REST APIs using Keycloak. I am deploying my
application in Wildfly application server and using Keycloak Wildfly
adapters.
Is it possible to associate a REST API endpoint with multiple resources in
Keycloak using the Policy Enforcer? Only if the user has permission to
access all the associated resources should access be granted to
the API.
Any input will be a great help to me.
Thanks & Regards,
Vishnu Prakash
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user