Dear Team,
First of all, I am totally new to Keycloak and IAM.
My scenario:
- For now, we have multiple realms for different applications.
- All these realms have an identity provider configured, which is another dedicated realm.
- Users are created in the identity provider realm, and then they can access clients in the other realms.
I used this to configure it: "Two Keycloaks on local machine to test brokering - Miscellaneous - Keycloak".
Now I want to create a group in this dedicated realm for providing access, and use that group to access clients in the other realms.
So for example:
Realm atishay-test has a client (I am using the default account client, realms/atishay-test/account/#/), and it should be denied for user atishay unless atishay is assigned a role or is in a group which then allows access to the client.
So far I have tried creating a new authentication flow, following this: "security - Keycloak: Role based client log-in access restriction for users - Stack Overflow", but it does not work. I get "invalid credentials" on the page without being asked for credentials.
I also tried to enable authorization on the client, but that also does not work; I get the error
failed to initialize keycloak
and it is not solved by adding * to web origins. I had to turn off the confidential client to make it work again.
So I want to create users and groups in the dedicated realm (identity provider) and use them for access in the other realms.
Like I said, I am totally new to this; it would be great if someone could help me with this.
Thanks in advance.