hypertextAug 19, 2023

Keycloak - restrict access to certain applications

https://feddit.de/post/2684611

Keycloak - restrict access to certain applications - Feddit

Hi, I have successfully set up Keycloak and use it for a few of the applications that I’m running (unfortunately not every app supports oauth2/oidc yet). However there’s one issue I haven’t been able to resolve yet: I want to restrict access to certain applications (like portainer) to specific users (me). I’ve already tried going to the portainer client > Authorization, added a role based policy and added the policy to the default permission, but other users that don’t have this role can still log in. If I go to “Evaluate” it gives me the expected correct result for the different users

Show threadtrial_and_err
I’m no expert, but Keycloak is just doing authentication (does the user have a valid account?) for you. For authorisation (is the authenticated user allowed to access the site?) you could put Pomerium in front of your apps and authorise based on user groups for different paths.
Home - Pomerium

Pomerium is a context-aware gateway for managing access control to your internal services and infrastructure hosted in any environment.

Pomerium
Aug 19, 2023 at 7:40amWeb