Decline the authentication for a specific client when a user isn’t a member of a group/role

I want to decline the authentication for a specific client when a user isn’t a member of a specific group or doesn’t have an assigned role.

I checked this one

To my understanding, I can define either a group or role policy and assign this to a permission (e.g. to the default permission).

I’d expect that the authentication returns an HTTP 401 if the user/password is valid but the permission isn’t given.

I tried this out, but it doesn’t work as I thought. Am I wrong with my expectation? And if it should work as described, do I have to take care of anything else?

Best
Gerald