Bug 57335 – Support for app restrictions in univention-keycloak

Bug 57335 - Support for app restrictions in univention-keycloak


Summary:	Support for app restrictions in univention-keycloak

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Keycloak
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2024-05-24 10:36 CEST by Finn David
Modified:	2024-05-27 15:33 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.137
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2024052321000104
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Finn David

2024-05-24 10:36:58 CEST

From our Keycloak app manual:
Attention: Application access restriction isn’t yet integrated into the UDM UMC module yet. [...] If you don’t have an immediate need, it’s recommended that you wait until the integration is complete in a future version of the Keycloak app.


The customer has an immediate need because they want and have to migrate to Keycloak. With simplesamlphp it's possible to grant groups access to specific services via udm/cli and therefore process a large batch of groups.

We lack that functionality as of right now with our keycloak implementation and the documented steps in our manual to achieve that is quite tedious if there are many groups, in this case ~150.