[keycloak-user] How to keep users from updating their account details in admin client?
Dmitry Telegin
dt at acutus.pro
Tue Jul 10 07:59:55 EDT 2018
Hi Torsten,
AFAIK this cannot be done out of the box. However, per [1],
> At the moment there are two roles associated with the account
> application:
>
> * view-profile - retrieve the user profile (produces json)
> * manage-account - manage the account (produces html, and
> consumes forms)
(there's also manage-account-links now, but this is not important here)
Thus, you can revoke manage-account (but leave view-profile) and create
your own profile page that would retrieve JSON and render it the way
you like.
[1] http://lists.jboss.org/pipermail/keycloak-dev/2013-November/000678.html
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Fri, 2018-07-06 at 14:04 +0200, Torsten Juergeleit wrote:
> Hi everyone,
>
> we have the requirement, that the users are not able to change their
> account details (email, first name, last name) in Keycloak's account
> client. We need read-only access to the admin client, so removing the
> admin client from the realm is not an option.
>
> Is there any way to achieve this other than blocking any post to
> "/auth/realms/<realm>/account/" in our reverse proxy?
>
> Cheers,
> Torsten
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
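
An added example, not part of the original thread: after revoking manage-account as suggested in the reply above, one way to confirm the change took effect is to audit the account client roles carried in a user's access token. It assumes the token is a JWT with roles under `resource_access.account.roles`; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Assumption: the access token is a JWT whose payload lists client roles under
# resource_access.<client-id>.roles, with "account" as the account client id.
ACCOUNT_CLIENT = "account"
READ_ROLE = "view-profile"
WRITE_ROLE = "manage-account"


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature.
    Suitable for auditing role content only, never for authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_account_roles(token):
    """Return (read_only, findings) for the account client roles in a token."""
    access = jwt_claims(token).get("resource_access", {})
    roles = set(access.get(ACCOUNT_CLIENT, {}).get("roles", []))
    findings = []
    if WRITE_ROLE in roles:
        findings.append(f"{WRITE_ROLE} still granted: user can edit the account")
    if READ_ROLE not in roles:
        findings.append(f"{READ_ROLE} missing: profile page cannot fetch JSON")
    return (not findings, findings)


def make_sample_token(roles):
    """Build an unsigned, constructed token for the demo (not a real one)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    payload = {"preferred_username": "alice",
               "resource_access": {ACCOUNT_CLIENT: {"roles": roles}}}
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(payload), "sig"])


if __name__ == "__main__":
    for roles in (["manage-account", "view-profile"], ["view-profile"]):
        ok, findings = audit_account_roles(make_sample_token(roles))
        print(roles, "->", "read-only" if ok else findings)
```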