Client Display Based on Role

elihuj117 · November 3, 2023, 3:46pm

I am looking to restrict client display based on Role, and wanted to see if this is a capability of Keycloak. For example, I have a single Realm with two Clients. User A has access to both Clients, while User B has access to only Client B. I want to set it up so that when User B logs in, they only see Client B. Can this be accomplished with Keycloak? Thank you.

embesozzi · November 3, 2023, 7:45pm

You can review this custom SPI for restricting access:

GitHub - sventorben/keycloak-restrict-client-auth: A Keycloak authenticator to restrict authorization on clients

Nevertheless, I don’t recommend applying access control on the IdP level. I prefer implementing the Police Enforcement Point (PEP) at the application or API level

elihuj117 · November 6, 2023, 9:49pm

Thank you for the reply, @embesozzi. This is close, but not exactly what I’m after. It doesn’t look like this is quite what I’m after though, as this doesn’t look like it will allow you to restrict by role.

Topic		Replies	Views
How to Restrict Token Generation Based on User-Client Access in Keycloak Getting advice	2	305	November 22, 2023
Restricting login to some clients based on client roles Getting advice authentication , client-configuration , oidc	3	86	April 9, 2024
Restrict login to specific group for one client Getting advice	4	290	January 19, 2024
Restricting access for users to clients Getting advice authentication , client-configuration	0	493	October 29, 2020
Allow users only for specific clients in a given realm Getting advice	11	18259	February 19, 2024

Client Display Based on Role

Related Topics