this post was submitted on 19 Aug 2023
21 points (95.7% liked)

Selfhosted

39895 readers
536 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hi, I have successfully set up Keycloak and use it for a few of the applications that I'm running (unfortunately not every app supports oauth2/oidc yet).

However there's one issue I haven't been able to resolve yet: I want to restrict access to certain applications (like portainer) to specific users (me).

I've already tried going to the portainer client > Authorization, added a role based policy and added the policy to the default permission, but other users that don't have this role can still log in. If I go to "Evaluate" it gives me the expected correct result for the different users

you are viewing a single comment's thread
view the rest of the comments
[–] marcos@lemmy.world 2 points 1 year ago

Keycloak claims to handle authorization, but the part that it handles goes only up to enumerating what accesses you have.

Checking those accesses and allowing or restricting the usage is up to your system.