[keycloak-user] How to allow only tokens with a specific claim at identity brokering in KeyCloak?

Iurii yurexus at gmail.com
Tue Jul 9 08:21:39 EDT 2019


Hello,

I am using KeyCloak with two external identity providers configured for
identity brokering. There is a requirement to not allow accessing the
application protected with KeyCloak if the token issued by one of the
external identity providers doesn't contain a specific claim.

In other words - if external IdP "A" issues a token without claim "xxx"
equal to "yyy", KeyCloak must not allow logging in.

Is it possible to configure this in KeyCloak, or will I have to modify the
application protected with KeyCloak to check this condition?

Thanks!

