Authorization services not work #20779
Replies: 2 comments 2 replies
-
|
Same issue for me |
Beta Was this translation helpful? Give feedback.
-
|
same here ... |
Beta Was this translation helpful? Give feedback.
-
|
Ok I think I solved the issue, in keycloak, when authorization is being done, keycloak doesn't stop the user from signing in ever, instead what it does is in the OpenID Connect token being given, it includes a new claim about which resources the user should be allowed to access, this is up to the application to interpret, not keycloak. If your application does not understand how to restrict certain users from logging in based on authorization, you can create a custom flow that checks for a claim and then denies access at the keycloak level. That would however require some more additional steps. Tell me if you want me to tell you how to do that. |
Beta Was this translation helpful? Give feedback.
-
|
I have the same issue. I'm very interested in knowing how you created a custom flow so that it checks for a claim, as I could not find this option in keycloaks authentication flows. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I want to implement a client to only open permissions to specified users, and complete the configuration through official documents, but it does not take effect.
client capability config:client Authorization Resource:client Authorization policy:Create a new policy namedmypolicywhoseTypeisUser, and specify userwiki1client Authorization permission:Create a new permission whoseTypeisResource-Based, and specify policymypolicy,specific resourcesDefault Resourcewhen i use
Evaluatetest,looks as expecteduse wiki1:
use wiki2:
But when I access my client(
OpenID Connect), it will use keycloak for login authentication. Both wiki1 and wiki2 can be authenticated.Is there any configuration I'm missing? hope you can help me.Beta Was this translation helpful? Give feedback.
All reactions