3

I just started using Keycloak for my Spring project. I have been trying to make a multi-tenant approach using a group-based policy, but have been unsuccessful. The user is still able to access a client that is not in the allowed groups of the group-based policy.

  • User1 (group1)

  • User2 (group2)

  • Client1 = accessible by group1

  • Client2 = accessible by group2

User2 shouldn't be able to access Client1.

Here's how I did it.

  • Created a group-based policy in Client1.

[Image: group1 policy]

  • Created a new permission in Client1 with group1 only policy.

[Image: permission with group1 policy]

With this setup, I shouldn't be able to access Client1 with the User2 user.

Kevin King

1 Answer

0

Do not misuse groups as tenants, use realms as tenants.

Julian Egner
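With one realm per tenant, as the answer recommends, an application can enforce tenancy by pinning the token's `iss` claim to the realm that owns it. The sketch below is an added example, not code from the question or answer; the base URL, the realm names `tenant1`/`tenant2`, the client-to-realm map and the sample claims are assumptions, and it expects claims whose signature and expiry were already verified.

```python
# Added example: per-tenant realm pinning on already-verified token claims.
# Host, realm and client names are constructed for illustration.
from dataclasses import dataclass

KEYCLOAK_BASE = "https://sso.example.com"  # assumed Keycloak base URL

# Assumed mapping: each application (client) belongs to exactly one tenant realm.
CLIENT_REALM = {"client1": "tenant1", "client2": "tenant2"}


def expected_issuer(client_id: str) -> str:
    """Issuer URL Keycloak puts in `iss` for the realm that owns this client."""
    return f"{KEYCLOAK_BASE}/realms/{CLIENT_REALM[client_id]}"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(client_id: str, claims: dict) -> Decision:
    """Decide whether verified claims may be used at `client_id`.

    Assumes signature and expiry were already verified with the expected
    realm's keys; this function only enforces the tenant boundary.
    """
    if client_id not in CLIENT_REALM:
        return Decision(False, "unknown client")
    # Exact comparison: prefix or substring matching would accept
    # look-alike realms such as ".../realms/tenant1-test".
    if claims.get("iss") != expected_issuer(client_id):
        return Decision(False, "token issued by another realm")
    # `azp` names the client the token was issued to.
    if claims.get("azp") != client_id:
        return Decision(False, "token issued to another client")
    return Decision(True, "ok")


# Constructed sample claims for the two users in the question.
USER1 = {"iss": f"{KEYCLOAK_BASE}/realms/tenant1", "azp": "client1"}
USER2 = {"iss": f"{KEYCLOAK_BASE}/realms/tenant2", "azp": "client2"}

if __name__ == "__main__":
    for name, claims in (("user1", USER1), ("user2", USER2)):
        print(name, "-> client1:", authorize("client1", claims))
```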