[keycloak-user] Restrict Enduser Access to some Clients.

Jakob Ackermann keycloak at ackermann.ca
Wed Mar 7 14:10:19 EST 2018


Hello Keycloak users,

I'm trying to achieve the following scenario with Keycloak and failing.
I've read through the documentation and could not find how I am supposed to
solve this. If someone could point me in the right direction it would be
much appreciated.

Realm: organization

clients:
google (as SP)
custom01
custom02 (without access to check for roles in the authentication script)


user roles:
user-google
user-custom01
user-custom02

users:
user1 -> roles: user-google, user-custom01
user2 -> roles: user-custom02


How can I permit only users with role user-google to access the google
client? For custom clients I can change the code to look for the role but
most SSO setups like Google don't have an option to do this. Is there a way
in Keycloak to restrict access?

Thanks so much.

