[keycloak-user] Configure Self User Registration at Client Level

Stian Thorgersen sthorger at redhat.com
Mon Apr 25 05:49:46 EDT 2016 

https://issues.jboss.org/browse/KEYCLOAK-1509 is about hiding clients
internal to Keycloak (realm management, account, etc..), not internal
applications.

On 25 April 2016 at 11:15, Thomas Darimont <thomas.darimont at googlemail.com>
wrote:

> I think there are already 2 JIRA Issues that are related to this:
> https://issues.jboss.org/browse/KEYCLOAK-1509: Hide internal clients and
> roles
> https://issues.jboss.org/browse/KEYCLOAK-1838: Configure client
> visibillity
>
> Cheers,
> Thomas
>
> 2016-04-25 11:10 GMT+02:00 Thomas Raehalme <
> thomas.raehalme at aitiofinland.com>:
>
>> +1 for the possibility to restrict users' access to specific clients.
>> Then you would not need to implement this common usecase in every client
>> separately.
>>
>> Best regards,
>> Thomas
>> On Apr 25, 2016 11:42 AM, "Stian Thorgersen" <sthorger at redhat.com> wrote:
>>
>> This may actually we a valid use-case. Consider a setup where you have:
>>
>> * Two applications - one that support self-registration (let's call it
>> public-app) the other that only admins can give access to (let's call it
>> internal-app)
>> * Registration enabled - default roles only give access to the
>> public-app, but no roles for internal-app
>>
>> In the way it currently works the registration link is shown when user
>> comes from either app. However, the problem is that if a user visits
>> internal-app and clicks on register the user won't actually be able to
>> access the application afterwards.
>>
>> We could add an option that hides the registration link for certain
>> applications. In the example above if a user tries to go to "public-app" to
>> later register for "internal-app" the user won't be able to access the app.
>> There may even be a case for a further option that allows marking what
>> clients a user is allowed to access. If a user tries to login to an client
>> that the user doesn't have access to Keycloak could block the login.
>>
>> On 22 April 2016 at 23:15, Bill Burke <bburke at redhat.com> wrote:
>>
>>> What's stopping somebody from visiting a client that allows
>>> registration, registering, then visiting the client that doesn't allow
>>> registration?
>>>
>>> THis is not soething we support
>>>
>>>
>>> On 4/22/2016 4:57 PM, Everson, David (MNIT) wrote:
>>>
>>> Hi,
>>>
>>>
>>>
>>> We have several clients within a single realm.  Some of these clients
>>> allow for self user registration, others do not.
>>>
>>>
>>>
>>> The self user registration is enabled at the realm level.  Is there a
>>> way to override the realm setting at a client level?
>>>
>>>
>>>
>>> What’s your recommendations for implementing these requirements?
>>>
>>>
>>>
>>> Using Keycloak 1.8.0.Final.
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Dave
>>>
>>>
>>>
>>>
>>>
>>> *Dave Everson  | * DIVISION OF ENVIRONMENTAL HEALTH
>>>
>>> MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH
>>>
>>> 651-201-5146 (w)  *| *   *david.everson at state.mn.us
>>> <david.everson at state.mn.us>*
>>>
>>> *[image: cid:image001.jpg at 01CE4005.70B223E0]* <http://www.mn.gov/oet>
>>>
>>>
>>>
>>> Information Technology for Minnesota Government   *|*   mn.gov/oet
>>> <http://www.mn.gov/oet>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hathttp://bill.burkecentral.com
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160425/1d35c4b1/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1712 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160425/1d35c4b1/attachment.jpe

More information about the keycloak-user mailing list