[keycloak-dev] [keycloak-gatekeeper] Add resource filter to allow specific users

Niels Denissen nielsdenissen at gmail.com
Wed Oct 30 05:59:24 EDT 2019


Hi,

In a project I’m working on we need to restrict access to a certain resource (URL) to a single person only. We’re using keycloak-gatekeeper in front of this resource to restrict access. 
As far as I understand, in order to achieve this in the current architecture, this would involve creating a new group for each separate user and in keycloak-gatekeeper add this group to the list of allowed groups for this resource.
As this involves creating a group for each user (lots of overhead), I envisioned a new filter in the keycloak-gatekeeper project for resources based on `AllowedUsers` (next to the existing ones for e.g. roles and groups). This would allow us to specify for any given resource, the user that is allowed access to it specifically. I’ve created some initial code for this in a fork (https://github.com/nielsdenissen/keycloak-gatekeeper/commit/5ed6ddf2e5714803c0ddeffb562fafade1e761d7 <https://github.com/nielsdenissen/keycloak-gatekeeper/commit/5ed6ddf2e5714803c0ddeffb562fafade1e761d7>) and am looking for some feedback of the community to see if I missed any other way to solve this problem and whether such a feature seems interesting to others as well.

Any help is appreciated!

Thanks,
Niels


More information about the keycloak-dev mailing list