[keycloak-dev] Switch to enable token retrieval by apps from brokered Idps
Marek Posolda
mposolda at redhat.com
Mon Feb 9 05:35:49 EST 2015
Hi,
It makes sense to me to allow application to retrieve the external IDP
token and configure this per application via custom claim. But I am not
seeing much point to filter identity providers on login screen based on
application?
IMO login screen should be same for whole realm. And if I enable
Facebook login, it should be enabled for all apps in the realm.
Restriction based on apps still won't work well as Keycloak is SSO
system. Even if I don't allow Facebook login for application "foo", I
can still login to Facebook in application "bar" and then I can be
logged via SSO to application "foo". At least that's my point of view to
it;-)
Marek
On 6.2.2015 14:15, Pedro Igor Silva wrote:
> Hi,
>
> Does makes sense to enable an identity provider to an application and *not* allow the same application to retrieve tokens from the identity provider ?
>
> Regards.
> Pedro Igor
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list