Hi, I have successfully set up Keycloak and use it for a few of the applications that I’m running (unfortunately not every app supports oauth2/oidc yet).

However there’s one issue I haven’t been able to resolve yet: I want to restrict access to certain applications (like portainer) to specific users (me).

I’ve already tried going to the portainer client > Authorization, added a role based policy and added the policy to the default permission, but other users that don’t have this role can still log in. If I go to “Evaluate” it gives me the expected correct result for the different users

  • @marcos
    link
    English
    21 year ago

    Keycloak claims to handle authorization, but the part that it handles goes only up to enumerating what accesses you have.

    Checking those accesses and allowing or restricting the usage is up to your system.