Work with Multiple Client #92

Closed
1 task done
elmidwill opened this issue Jul 21, 2022 · 4 comments

@elmidwill

Is there an existing feature request for this?

  • I have searched the existing issues

Is your feature related to a problem? Please describe.

This is more of a question than a feature request, but if the answer is no then it can be a feature request. Does this feature work with multiple clients, and by that I mean will it work to isolate more than one client?

Here is an example. Let's say I have 4 apps that I want to configure on one Realm. Can I create 4 different authenticators, use those 4 different authenticators one per app, and users would be able to access 1, 2, 3 or 4 applications depending on their roles?

The problem I am trying to wrap my head around is if all clients have this restricted-access role needed for one or the other application, is it possible to have a user restricted to any more than 1 app at a time?

Describe the solution you'd like

No response

Describe alternatives you've considered

No response

Anything else?

No response

@elmidwill elmidwill added the feature Feature Request label Jul 21, 2022
@sventorben sventorben self-assigned this Jul 21, 2022
@sventorben sventorben added documentation Improvements or additions to documentation wontfix This will not be worked on and removed feature Feature Request labels Jul 21, 2022
@sventorben
Owner

Hello @elmidwill,

thanks for your question.
Working with multiple clients is possible. The key is that the role restricted-access is not a global realm role, but rather multiple roles - one per client.

In your concrete scenario you may add a client per app. For each client you define a role restricted-access. So, instead of a global role restricted-access you have four roles:

  • app1.restricted-access
  • app2.restricted-access
  • app3.restricted-access
  • app4.restricted-access

If a user should have access to let's say app1 and app3, you simply assign roles app1.restricted-access and app3.restricted-access to that user.

Does that help?

Best regards
Sven-Torben
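
The role layout from the reply above, as an added example that is not part of the original thread or the project's code: it computes which of the four apps each user can reach and reports users who hold a realm-level role of the same name. The sample users, the function names, and the rule that only a role on the client itself counts are assumptions of this model.

```python
# Added illustration, not the extension's code. Sample data is constructed and
# modeled on Keycloak's realmMappings/clientMappings role-mapping layout;
# function names are hypothetical.
ROLE = "restricted-access"
APPS = ["app1", "app2", "app3", "app4"]

USERS = {
    "alice": {  # should reach app1 and app3 only
        "realmMappings": [{"name": "offline_access"}],
        "clientMappings": {
            "app1": {"client": "app1", "mappings": [{"name": ROLE}]},
            "app3": {"client": "app3", "mappings": [{"name": ROLE}]},
        },
    },
    "bob": {  # realm role with the same name, no matching client role
        "realmMappings": [{"name": ROLE}],
        "clientMappings": {
            "app2": {"client": "app2", "mappings": [{"name": "viewer"}]},
        },
    },
}


def client_roles(mappings, client_id):
    """Role names the user holds on one client."""
    entry = mappings.get("clientMappings", {}).get(client_id, {})
    return {r["name"] for r in entry.get("mappings", [])}


def allowed_apps(mappings, apps=APPS, role=ROLE):
    """Assumption of this model: only a role on that client grants access."""
    return [a for a in apps if role in client_roles(mappings, a)]


def realm_role_findings(users, role=ROLE):
    """Users whose realm roles include `role`; one realm role cannot tell
    app1 from app3, so it is reported for review, not counted as access."""
    return sorted(u for u, m in users.items()
                  if any(r["name"] == role for r in m.get("realmMappings", [])))


def access_matrix(users, apps=APPS):
    return {u: allowed_apps(m, apps) for u, m in users.items()}


if __name__ == "__main__":
    for user, apps in access_matrix(USERS).items():
        print(f"{user}: {apps or 'no apps'}")
    print("realm-level role to review:", realm_role_findings(USERS))
```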

@elmidwill
Author

@sventorben Sounds like exactly what I was looking for. I am in the middle of a POC so I am going to give that a try. I'll let you and anyone else that might be interested in this solution know how it turns out.

@elmidwill
Author

So I got around to trying this today. It doesn't appear to work with SAML authentication on version 18.0.2, or more likely I am not doing something correctly.

After adding the provider and restarting KC, I created a copy of the browser flow and edited it as per the instructions. I then created the role in a client, and changed the "Authentication Flow Overrides" to the copy that was created, and when I try to log in from an app using SAML, it redirects to KC and immediately presents me with "Invalid username or password" without prompting for either.

@sventorben
Owner

See #94
