Reputation: 56
Implementing a Custom Policy along with Related UI for Keycloak Authorization Server
For a project, I am utilizing the Keycloak authorization server version 23.0.4 to manage access control for my services. My goal is to regulate user access based on Users, Roles, and also a bespoke policy (Branch) that is not included in Keycloak's default features. Consequently, I decided to implement a custom policy tailored for my client in association with my services. To achieve this, I have developed a SPI to implement PolicyProviderFactory, AbstractPolicyRepresentation, and a PolicyProvider. The implementation of the PolicyProvider is structured as follows:
public class CustomBranchPolicyProvider implements PolicyProvider {
private static final org.jboss.logging.Logger log = Logger.getLogger(TosanBranchPolicyProviderExt.class);
private final BiFunction<Policy, AuthorizationProvider, TosanBranchPolicyRepresentationExt> representationFunction;
public TosanBranchPolicyProvider(BiFunction<Policy, AuthorizationProvider, TosanBranchPolicyRepresentationExt> representationFunction) {
this.representationFunction = representationFunction;
}
@Override
public void evaluate(Evaluation evaluation) {
EvaluationContext context = evaluation.getContext();
Identity identity = context.getIdentity();
Attributes attributes = identity.getAttributes();
String username = attributes.getValue("username").asString(0);
// If the username has one of branches access is granted
if (HasBranch(username)) {
evaluation.grant();
} else {
evaluation.deny();
}
}
}
Everything is working well, and I can see my custom policy under the Authorization tab. However, the user interface (UI) for my policy appears to be a generic one designed for any custom policies, like the following image:
I would like to have a custom UI similar to the Keycloak Role policy UI for my own custom policy (Branch). This interface should allow users to select from various branch options.
How can I achieve this? I would greatly appreciate any assistance anyone can provide.
Upvotes: 0
Views: 35
Answers (0)
Related Questions
- Integrating Keycloak with Angular and Spring Boot for Authentication/Authozitaion
- How to fetch path-parameters from the requested resource URI in policies of Keycloak Authorization Services?
- Can keycloak JavaScript based policy calls remote REST API?
- Keycloak uma-grant type tickets for service accounts do not seem to work with policies
- Spring Security + Keycloak Authorization: How to associate an endpoint with a Resource?
- ABAC with keycloak - Using Resource attributes in policy
- Building a Java OAuth2.0 authorization server with Keycloak