[keycloak-user] Keycloak policies eval

Pedro Igor Silva psilva at redhat.com
Tue Apr 2 18:11:52 EDT 2019


I think this is maybe related to the "Client Authorization" extension? See
https://www.keycloak.org/extensions.html. It seems that what you are
looking for is not supported OOTB.

This extension is really interesting ...

On Tue, Apr 2, 2019 at 6:17 PM Sebastien Blanc <sblanc at redhat.com> wrote:

> I'm sorry and still don't really get your question. If you want to use
> policies and you are using Spring Boot you should really take a look at
> this quickstart :
>
> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-springboot
>
> On Tue, Apr 2, 2019 at 6:12 PM Simão Silva <simao.sfos at gmail.com> wrote:
>
> > Hi there,
> >
> > I use this url to get my users access token ("
> > http://localhost:8090/auth/realms/MYREALM/protocol/openid-connect/token
> ")
> > with username, password, client_id, realm, client secret  and grant type,
> > the last one with the value "password". My question is how to make this
> > request  not returning any access token therefore not allowing
> > authentication on my Realm using some kind of policy (time and
> role-based).
> >
> > Best regards,
> > Simão Silva
> >
> >
> > On Tue, Apr 2, 2019 at 10:28 AM Sebastien Blanc <sblanc at redhat.com>
> wrote:
> >
> >> We need more info here. Do you want just authentication with simple RBAC
> >> or do you want to use the authorization layer ? Have you seen our
> >> Springboot quickstarts ?
> >>
> >> On Sun, Mar 31, 2019 at 2:15 PM Simão Silva <simao.sfos at gmail.com>
> wrote:
> >>
> >>> Hi there,
> >>>
> >>> I'm  implementing keycloak for authentication in a server with spring
> >>> boot.  I'm doing something like "@RequestMapping("/login") " in java
> but
> >>> the policies aren't taken into account, because I can login with every
> >>> user
> >>> in the client. I want something like this
> >>>
> >>>
> https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-authz-jee-vanilla/src/main/webapp/index.jsp
> >>> ,
> >>> that  tells me if the user can or not access the specific client in a
> >>> resource. What should I do?
> >>>
> >>> Best regards,
> >>> Simão Silva
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list