[keycloak-user] Configure Self User Registration at Client Level

Thomas Raehalme thomas.raehalme at aitiofinland.com
Mon Apr 25 05:10:00 EDT 2016


+1 for the possibility to restrict users' access to specific clients. Then
you would not need to implement this common usecase in every client
separately.

Best regards,
Thomas
On Apr 25, 2016 11:42 AM, "Stian Thorgersen" <sthorger at redhat.com> wrote:

This may actually we a valid use-case. Consider a setup where you have:

* Two applications - one that support self-registration (let's call it
public-app) the other that only admins can give access to (let's call it
internal-app)
* Registration enabled - default roles only give access to the public-app,
but no roles for internal-app

In the way it currently works the registration link is shown when user
comes from either app. However, the problem is that if a user visits
internal-app and clicks on register the user won't actually be able to
access the application afterwards.

We could add an option that hides the registration link for certain
applications. In the example above if a user tries to go to "public-app" to
later register for "internal-app" the user won't be able to access the app.
There may even be a case for a further option that allows marking what
clients a user is allowed to access. If a user tries to login to an client
that the user doesn't have access to Keycloak could block the login.

On 22 April 2016 at 23:15, Bill Burke <bburke at redhat.com> wrote:

> What's stopping somebody from visiting a client that allows registration,
> registering, then visiting the client that doesn't allow registration?
>
> THis is not soething we support
>
>
> On 4/22/2016 4:57 PM, Everson, David (MNIT) wrote:
>
> Hi,
>
>
>
> We have several clients within a single realm.  Some of these clients
> allow for self user registration, others do not.
>
>
>
> The self user registration is enabled at the realm level.  Is there a way
> to override the realm setting at a client level?
>
>
>
> What’s your recommendations for implementing these requirements?
>
>
>
> Using Keycloak 1.8.0.Final.
>
>
>
> Thanks,
>
> Dave
>
>
>
>
>
> *Dave Everson  | * DIVISION OF ENVIRONMENTAL HEALTH
>
> MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH
>
> 651-201-5146 (w)  *| *   *david.everson at state.mn.us
> <david.everson at state.mn.us>*
>
> *[image: cid:image001.jpg at 01CE4005.70B223E0]* <http://www.mn.gov/oet>
>
>
>
> Information Technology for Minnesota Government   *|*   mn.gov/oet
> <http://www.mn.gov/oet>
>
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
> Bill Burke
> JBoss, a division of Red Hathttp://bill.burkecentral.com
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160425/ea1d2e3c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1712 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160425/ea1d2e3c/attachment.jpe 


More information about the keycloak-user mailing list