Keycloak SAML Application Users Mapping


I’m using Keycloak as my SAML IDP. In my realm I have two applications. Now I’m struggling to map only selected users to my first application and a few other users to the second application. How can I map specific users to an application?


  1. Created Realm (TestRealm)
  2. In TestRealm created Application1 and in an application created Role1
  3. Created Application2 and in an application created Role2
  4. Created User1 and mapped to the Application1 and Role1
  5. Created User2 and mapped to the Application2 and Role2

Now the issue is that I’m able to access Application1 with User2 and Application2 with User1, so how can I restrict User1 from accessing Application2 and User2 from accessing Application1?


Recently, there was a discussion related to this:

Here you might find some hints. In short: Try to do the authorization/restrictions in the client application whenever possible.

bye, Matthias
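
One way to apply the advice in the answer above is sketched here as an added example; it is not code from this thread or from Keycloak. It assumes the application's SAML library has already verified the assertion's signature and conditions, and that Keycloak sends the user's roles in an attribute named `Role` (an assumption about the mapper configuration). `REQUIRED_ROLE`, `make_assertion`, `roles_from_assertion` and `is_authorized` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumption: each application requires the role created for it in the question.
REQUIRED_ROLE = {"Application1": "Role1", "Application2": "Role2"}


def make_assertion(user, roles):
    """Build a constructed, unsigned sample assertion (illustration only)."""
    values = "".join(
        f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles
    )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject><saml:NameID>{user}</saml:NameID></saml:Subject>"
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="Role">{values}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    )


def roles_from_assertion(assertion_xml, role_attribute="Role"):
    """Collect role values from an assertion that was already validated."""
    root = ET.fromstring(assertion_xml)
    roles = set()
    # Roles may arrive as one multi-valued attribute or several attributes.
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != role_attribute:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            if value.text and value.text.strip():
                roles.add(value.text.strip())
    return roles


def is_authorized(application, assertion_xml):
    """Deny by default: unknown application or missing role means no access."""
    required = REQUIRED_ROLE.get(application)
    if required is None:
        return False
    return required in roles_from_assertion(assertion_xml)


if __name__ == "__main__":
    user2 = make_assertion("User2", ["Role2"])
    print("User2 -> Application1:", is_authorized("Application1", user2))
    print("User2 -> Application2:", is_authorized("Application2", user2))
```

A successful login at the IDP only proves who the user is; each application runs a check like this on every new session and rejects the user when its own role is absent.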