[keycloak-user] Authorization question (maybe not keycloak?)

Marek Posolda mposolda at redhat.com
Wed May 11 03:49:36 EDT 2016


On 10/05/16 15:17, Darren Hartford wrote:
> Hi all,
> So, Keycloak has a lot of items around Authentication approaches, but 
> I haven't seen anything specific around authorization - is that a 
> different project?
We plan to add support for authorization. The prototype and instructions 
to try it are here [1] .

>
> My actual question is this - if you have java apps that have 
> <security-role><role-name>role1</role-name></security-role> or are 
> using @DeclareRoles, is there a mechanism where the application/SP can 
> *register* with the PDP with those roles, rather than copy-pasting 
> into those different IAM/PDP solutions?
We have client registration documented here [2] , but not sure if it has 
support for register client roles into Keycloak based on roles declared 
in web.xml. Probably not (and not sure if it's even realistic to add that).

[1] https://github.com/pedroigor/keycloak/blob/KEYCLOAK-2753/authz/README.md
[2] 
http://keycloak.github.io/docs/userguide/keycloak-server/html/client-registration.html

Marek
> thanky!
> -D
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160511/411df1ea/attachment.html 


More information about the keycloak-user mailing list