[keycloak-user] How to keep users from updating their account details in admin client?
Jürgeleit Torsten
torsten.juergeleit at gmail.com
Tue Jul 10 15:35:13 EDT 2018
Hi Dmitry,
thanks for the reply.
Cheers,
Torsten
> On 10. Jul 2018, at 13:59, Dmitry Telegin <dt at acutus.pro> wrote:
>
> Hi Torsten,
>
> AFAIK this cannot be done out of the box. However, per [1],
>
>> At the moment there are two roles associated with the account
>> application:
>>
>> * view-profile - retrieve the user profile (produces json)
>> * manage-account - manage the account (produces html, and
>> consumes forms)
>
> (there's also manage-account-links now, but this is not important here)
>
> Thus, you can revoke manage-account (but leave view-profile) and create
> your own profile page that would retrieve JSON and render it the way
> you like.
>
> [1] http://lists.jboss.org/pipermail/keycloak-dev/2013-November/000678.html
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> On Fri, 2018-07-06 at 14:04 +0200, Torsten Juergeleit wrote:
>> Hi everyone,
>>
>> we have the requirement, that the users are not able to change their
>> account details (email, first name, last name) in Keycloak's account
>> client. We need read-only access to the admin client, so removing the
>> admin
>> client from the realm is not an option.
>>
>> Is there any way to achieve this other than blocking any post to
>> "/auth/realms/<realm>/account/" in our reverse proxy?
>>
>> Cheers,
>> Torsten
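One way to confirm that the revocation suggested in the reply took effect, added here as an example and not part of the original thread or of Keycloak itself: decode an access token from a test login and check which roles of the `account` client it carries. It assumes the token exposes client roles under the `resource_access` claim; the sample tokens are constructed, and the helper `make_sample_token` is hypothetical.

```python
import base64
import json

ACCOUNT_CLIENT = "account"        # client id of Keycloak's account application
KEEP = {"view-profile"}           # role the reply says to leave in place
REVOKE = {"manage-account"}       # role the reply says to revoke


def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: audit use only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_account_roles(claims: dict) -> list:
    """List deviations from the intended read-only account setup."""
    access = claims.get("resource_access", {}).get(ACCOUNT_CLIENT, {})
    roles = set(access.get("roles", []))
    findings = [f"{r} still granted: user can edit account details"
                for r in sorted(roles & REVOKE)]
    findings += [f"{r} missing: profile JSON cannot be retrieved"
                 for r in sorted(KEEP - roles)]
    return findings


def make_sample_token(roles: list) -> str:
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"preferred_username": "sample-user",
              "resource_access": {ACCOUNT_CLIENT: {"roles": roles}}}
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder"


# Constructed samples: a token from before and after the role change.
BEFORE = make_sample_token(["manage-account", "view-profile"])
AFTER = make_sample_token(["view-profile"])

if __name__ == "__main__":
    for label, token in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_account_roles(decode_claims(token)) or "ok")
```
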