[keycloak-dev] Keycloak Modules developed for the Cloudtrust project

Pedro Igor Silva psilva at redhat.com
Fri Aug 17 10:26:21 EDT 2018


On Tue, Aug 14, 2018 at 6:53 AM, Doswald Alistair <alistair.doswald at elca.ch>
wrote:

>
> * keycloak-authorization
> (https://github.com/cloudtrust/keycloak-authorization): this module allows
> the use of the client authorization system to prevent a user who is
> authenticated in a Keycloak realm from accessing a given client. It works no
> matter which protocol is used, and without the client having to support any
> extra protocol. Note: this solution is a bit hacky, but necessary for one of
> our use-cases.
>

Regarding this extension, if I understood it correctly, it works like this.
First from an admin perspective:

1) User creates a client and enables authorization services for it
2) User creates a resource "Keycloak Client Resource" and defines any
permission for it

From a server perspective:

1) Check if authorization services are enabled for the client to which the
user is authenticating
2) Check whether or not permission to access the client is granted

It seems that the main logic for this is at
https://github.com/cloudtrust/keycloak-authorization/blob/master/src/main/java/io/cloudtrust/keycloak/protocol/LocalAuthorizationService.java.

Is my understanding correct? I would like to know if that is how it works
today so we can start discussing alternatives.

Regards.
Pedro Igor

