Indeed that what I finally did. Simple solutions sometimes slip my mind.
Was looking for too complex :)
On Tue, Jan 3, 2017 at 6:24 PM Bill Burke <bburke(a)redhat.com> wrote:
You could do it in a servlet filter.
On 1/3/17 10:09 AM, David Delbecq wrote:
> I'm trying to find out the best way to migrate one of our current
> to a keycloak based installation.
> We currently have a many to one relationship between user account and
> companies. A company can have multiple users in the application. We need
> be able to disable a complete company on one application. What is the
> approach to doing this?
> I tried (and failed) to create an additional required login module in
> wildfly and have this return false on login() if company has not been
> enabled in application. It seems that when you come with a bearer token,
> you don't go into login modules (neither mine nor the keycloak one), you
> are just immediately recognized by subsystem which then bypass the jaas
> login modules of keycloak.
> I can't just disable the users, as they still need to be able to log in
> our other applications.
> I was thinking into using Groups in keycloak, one for each
> company&application combo and add / remove an automatic required role to
> block access to disabled companies. But it means a double maintenance
> between keycloak and our internal database to maintain the list of
> Is there someway to tap in the the wildfly keycloak subsystem to veto
> thank you.
keycloak-user mailing list
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 <+32%2016%20391%20121> Direct