[keycloak-user] Set which user can authenticate at which client

Remko Lodder remko at FreeBSD.org
Fri Jul 5 09:25:23 EDT 2019 

Hello,

> On 23 Jun 2019, at 21:37, Remko Lodder <remko at FreeBSD.org> wrote:
> 
> Signed PGP part
> Hi,
> 
> I am new to Keycloak and first of all I would like to thank you and all contributors for all your hard work.
> I have little experience with Keycloak and it’s usage so please put me on the correct track in case I am off :-)
> 
> So: For a customer and my own environment I am implementing Keycloak. I am consolidating our users in one
> Realm and have added a multitude of clients (both saml as oidc). I would like to be able to place selectors on users
> when importing them or setting it manually, that someone has access to for example gitlab. I found that Okta has
> probably want I am looking for described here:
> 
> https://help.okta.com/en/prod/Content/Topics/Directory/group-assign-app.htm <https://help.okta.com/en/prod/Content/Topics/Directory/group-assign-app.htm>
> 
> Now, is there something like that also in Keycloak? I would like users to be part of a group, or role, or whatever
> and that way control who has access where, without needing to fiddle with the application on the back (I can do
> that for targetting specific roles, like admin, manager, read-write, read-only, etc).
> 
> I was not able to find something similar .. so probably I overlooked it or didn’t understand the documentation :-)
> 
> Any pointers/suggestions/this is not an option right now?
> 
> Thanks & Again, thank you all,
> Remko
> 
> 


Is someone able help me with this? I know I can check the role on the client (like in NGINX) but I would like to set
which users can authenticate at which client, without the client even knowing who the users actually are. That way
I can create one big realm and provision my users that aren feed them through LDAP.

Cheers
Remko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190705/09192d29/attachment.bin

More information about the keycloak-user mailing list