I’m new to the world of SSO. I’m working on migrating to Keycloak. Everything works fine, all accounts are transferred, but I think I’m missing something about the authorization flow for users.
I created a policy, and it’s working fine with the evaluate tool. But I can connect with the login page even if the user doesn’t match the policy.
For the connection I use:
"/protocol/openid-connect/auth" + "?client_id=" + client_id + "&response_type=code" + "&scope=openid&redirect_uri=" + redirect_uri
I think I’m missing something but I can’t find what it is.
Or do I need to block access with the result of the JWT?