[keycloak-user] Custom Authorization in Keycloak

Pedro Igor Silva psilva at redhat.com
Mon Aug 28 08:24:29 EDT 2017


The only SPI we have in AuthZ Services is for writing custom policy
providers. But this SPI is not yet public and should change in next
releases.

What do you think about this RFE [1] ?

How your permissions look like in your legacy database ? E.g.: A string
like resource:role|group|user:action ?

[1] https://issues.jboss.org/browse/KEYCLOAK-5346


On Fri, Aug 25, 2017 at 6:45 PM, Muehlburger, Herbert <
herbert.muehlburger at bearingpoint.com> wrote:

> Dear Keycloak Community,
>
>
> we are evaluating Keycloak and have the use that that we cannot migrate
> authorization information (roles, permissions, ...) to Keycloak. We have
> this information stored in a legacy database. Is it possible to write an
> extension to Keycloak which handles with authorization decisions there? It
> would load our roles and permissions, etc. and decide if it grants access
> to the user or client being present. I know about the extension mechanism
> on writing custom User Store providers but I'm not sure if this is the
> right place to do that for authorization information as well?
>
>
> Thank you for any help,
>
> Best regard,
>
> Herbert?
>
>
>
> Herbert Mühlburger
> Senior System Engineer
>
> [http://signature.bearingpoint.com/BrP_Logo.png]
>
> T  +43 316 8003
> F  +43 316 8003 1080
>
> BearingPoint
> Seering 6, Block B
> 8141 Premstätten
> Austria
>
> herbert.muehlburger at bearingpoint.com <mailto:herbert.muehlburger@
> bearingpoint.com>
> www.bearingpoint.com<http://www.bearingpoint.com/>
> ________________________________
> BearingPoint Technology GmbH
> Sitz: Premstätten bei Graz
> Firmenbuchgericht: Landesgericht für ZRS Graz
> Firmenbuchnummer: FN 44354b
>
> The information in this email is confidential and may be legally
> privileged. If you are not the intended recipient of this message, any
> review, disclosure, copying, distribution, retention, or any action taken
> or omitted to be taken in reliance on it is prohibited and may be unlawful.
> If you are not the intended recipient, please reply to or forward a copy of
> this message to the sender and delete the message, any attachments, and any
> copies thereof from your system.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list