[keycloak-user] Restrict access to clients based on Group membership
Prashant Bapat
prashant.bapat at thetradedesk.com
Thu Nov 8 04:04:32 EST 2018
Hi,
In our Keycloak setup (ver 4.4.0) we have a master realm configured to authenticate users in a Windows AD. We heavily use SAML and OIDC and both work great.
Is there a way to restrict access to an OIDC client based on a group membership? I’ve been reading up on the docs and trying to get this working without success.
For example, let’s say we have 2 clients:
client-dev-api
client-prod-api
Can I configure Keycloak to issue a JWT token for client-dev-api to members of AD group “Developers” and client-prod-api to members of AD group “Production”?
Any guidance on getting this to work would be appreciated.
Thanks.
--Prashant