Hi
I have a client which is a UI client.
I want to limit the access for the client that is a UI client so only relevant users will be able to log in.
This is what I tried:
1. Create Roles:
   - Go to the Keycloak admin console.
   - Select your realm.
   - Navigate to Roles and create roles that correspond to the access levels you need (e.g., `roleA` for App A, `roleB` for App B).
2. Assign Roles to Clients:
   - Go to Clients and select the client you want to configure.
   - Navigate to the Roles tab and create client-specific roles (e.g., `clientRoleA` for Client A).
3. Assign Roles to Users:
   - Go to Users and select the user you want to configure.
   - Navigate to the Role Mappings tab.
   - Assign the appropriate roles to the user. For example, assign `roleA` to users who should only access App A.
4. Configure Client Scopes:
   - Go to Clients and select the client.
   - Navigate to the Client Scopes tab.
   - Add the necessary roles to the client scope to ensure that only users with the correct roles can access the client.
5. Use Authorization Services:
   - If you need more granular control, you can use Keycloak's authorization services.
   - Go to Clients and select the client.
   - Navigate to the Authorization tab and create policies and permissions to control access based on roles.

Result:
After completing steps 1-4, the user can log in even if he does not have the role.
After step 5, the user cannot log in even if he has the role.
I also read somewhere that step 5 is not relevant to a client that is for UI.
Any advice?