[keycloak-user] Configure Self User Registration at Client Level

Thomas Darimont thomas.darimont at googlemail.com
Mon Apr 25 05:15:45 EDT 2016


I think there are already 2 JIRA Issues that are related to this:
https://issues.jboss.org/browse/KEYCLOAK-1509: Hide internal clients and
roles
https://issues.jboss.org/browse/KEYCLOAK-1838: Configure client visibillity

Cheers,
Thomas

2016-04-25 11:10 GMT+02:00 Thomas Raehalme <thomas.raehalme at aitiofinland.com
>:

> +1 for the possibility to restrict users' access to specific clients. Then
> you would not need to implement this common usecase in every client
> separately.
>
> Best regards,
> Thomas
> On Apr 25, 2016 11:42 AM, "Stian Thorgersen" <sthorger at redhat.com> wrote:
>
> This may actually we a valid use-case. Consider a setup where you have:
>
> * Two applications - one that support self-registration (let's call it
> public-app) the other that only admins can give access to (let's call it
> internal-app)
> * Registration enabled - default roles only give access to the public-app,
> but no roles for internal-app
>
> In the way it currently works the registration link is shown when user
> comes from either app. However, the problem is that if a user visits
> internal-app and clicks on register the user won't actually be able to
> access the application afterwards.
>
> We could add an option that hides the registration link for certain
> applications. In the example above if a user tries to go to "public-app" to
> later register for "internal-app" the user won't be able to access the app.
> There may even be a case for a further option that allows marking what
> clients a user is allowed to access. If a user tries to login to an client
> that the user doesn't have access to Keycloak could block the login.
>
> On 22 April 2016 at 23:15, Bill Burke <bburke at redhat.com> wrote:
>
>> What's stopping somebody from visiting a client that allows registration,
>> registering, then visiting the client that doesn't allow registration?
>>
>> THis is not soething we support
>>
>>
>> On 4/22/2016 4:57 PM, Everson, David (MNIT) wrote:
>>
>> Hi,
>>
>>
>>
>> We have several clients within a single realm.  Some of these clients
>> allow for self user registration, others do not.
>>
>>
>>
>> The self user registration is enabled at the realm level.  Is there a way
>> to override the realm setting at a client level?
>>
>>
>>
>> What’s your recommendations for implementing these requirements?
>>
>>
>>
>> Using Keycloak 1.8.0.Final.
>>
>>
>>
>> Thanks,
>>
>> Dave
>>
>>
>>
>>
>>
>> *Dave Everson  | * DIVISION OF ENVIRONMENTAL HEALTH
>>
>> MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH
>>
>> 651-201-5146 (w)  *| *   *david.everson at state.mn.us
>> <david.everson at state.mn.us>*
>>
>> *[image: cid:image001.jpg at 01CE4005.70B223E0]* <http://www.mn.gov/oet>
>>
>>
>>
>> Information Technology for Minnesota Government   *|*   mn.gov/oet
>> <http://www.mn.gov/oet>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hathttp://bill.burkecentral.com
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160425/07254d47/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1712 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160425/07254d47/attachment-0001.jpe 


More information about the keycloak-user mailing list