[keycloak-user] Restrict Enduser Access to some Clients.
Jakob Ackermann
keycloak at ackermann.ca
Wed Mar 7 14:10:19 EST 2018
Hello Keycloak users,
I'm trying to archive the following scenario with Keycloak and failing.
I've read through documentation and could not find how I suppose to solve
this. If someone could help me to point to the right direction it would be
much appreciated.
Realm: organization
clients:
google (as SP)
custom01
custom02 (without access to check for roles in the authentication script)
user roles:
user-google
user-custom01
user-custom02
users:
user1 -> roles: user-google, user-custom01
user2 -> roles: user-custom02
How can I permit only users with role user-google to access the the google
client? For custom clients I can change the code to look for the role but
most SSO setups like Google don't have an option to do this. Is there a way
in Keycloak to restrict access?
Thanks so much.
More information about the keycloak-user
mailing list