[keycloak-user] Group policy for authorization.
Pedro Igor Silva
psilva at redhat.com
Wed Jun 14 06:58:50 EDT 2017
Should be available soon https://github.com/keycloak/keycloak/pull/4224.
On Wed, Jun 14, 2017 at 4:16 AM, Hübner, Bettina <Bettina.Huebner at kvbawue.de
> wrote:
> Hi R,
>
> you can use a Group Mapper to add the group to the access token and then
> create a JavaScript Policy that checks the group membership.
>
> E.g. when using 'group' as 'Token Claim Name' property of the group mapper
>
> var identity = $evaluation.getContext().getIdentity();
> var attributes = identity.getAttributes();
> var n = attributes.getValue('group').size();
>
> for (i = 0; i < n; i++) {
> var group = attributes.getValue('group').asString(i);
> if (group == "name of group needed to acces the resource") {
> $evaluation.grant();
> }
> }
>
>
> Regards
> Bettina
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces@
> lists.jboss.org] Im Auftrag von rafterjiang
> Gesendet: Dienstag, 13. Juni 2017 19:42
> An: keycloak-user at lists.jboss.org
> Betreff: [keycloak-user] Group policy for authorization.
>
> Hello,
>
> Is there a *group policy *that we can use for authorization? This way we
> can
> simply add new user to the group that we have created and the user can
> automatically gain access to the resource.
>
> Right now we have to create policy for every single new user and assign to
> the resource.
>
> Thanks,
> R
>
>
>
> --
> View this message in context: http://keycloak-user.88327.x6.
> nabble.com/Group-policy-for-authorization-tp3940.html
> Sent from the keycloak-user mailing list archive at Nabble.com.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list