[keycloak-user] OIDC / SAML client access restriction

Steeve C steevechailloux at gmail.com
Thu Sep 26 10:20:02 EDT 2019


Thanks! That's exactly what I was looking for.

Steeve

On Mon, 23 Sep 2019 at 21:39, Chris Boot <lists at bootc.boo.tc> wrote:

> On 20/09/2019 11:32, Steeve C wrote:
> > Hi,
> >
> > I'm looking for a way to restrict user access to a given OIDC (and / or
> > SAML) client for a given realm. I've tried to configure it using OIDC
> > "Authorization" feature by modifying the "Default policy" JS code to:
> >
> > ```
> > $evaluation.deny();
> > ```
> > But without success, users are still able to connect to the client.
> > I've also tried to create a client role, but even if the user doesn't have
> > this role he can log in to the application.
> >
> > Can you confirm that it is possible to restrict user login access to
> > given user(s) / group(s) at the IdP level (keycloak) without modifying the
> > client (like without checking which role the user has)?
> >
> > If it's possible, then could you explain to me which process I should use?
> > (it's not very clear to me at the moment).
>
> This is something I fought with a short while ago, and came up with this:
>
> https://lists.jboss.org/pipermail/keycloak-user/2019-August/018967.html
>
>
> --
> Chris Boot
> bootc at boo.tc
>

