Realm & Client Isolation

Enforce realm whitelists and client-specific policy configuration.

Requirement coverage

REQ-REALM-001    Support realm whitelist
REQ-REALM-002    Block requests to non-whitelisted realms
REQ-REALM-003    Support per-client allowed realm configuration
REQ-CLIENT-001   Support client ID whitelist
REQ-CLIENT-002   Detect public vs confidential client
REQ-CLIENT-003   Per-client policy configuration

Test examples

REALM-001   BLOCKED   Unknown realm blocked

Example request

curl 'https://keycloak-alg:8443/realms/unknown-realm/protocol/openid-connect/auth?'\
  'response_type=code&client_id=myapp&redirect_uri=https://app.example.com/cb'

Expected response

{"error":"access_denied","error_description":"Realm 'unknown-realm' is not in the whitelist"}
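The following is an added illustration of how the checks behind REQ-REALM-001 to REQ-CLIENT-003 fit together at the gateway; it is not the ALG's own code. The policy structure, the realm and client names other than `myapp`, and the rule that a client presenting a secret counts as confidential are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample policy (the real ALG config format is not shown on the page).
POLICY = {
    "realm_whitelist": {"customers", "partners"},            # REQ-REALM-001
    "clients": {                                             # REQ-CLIENT-001
        # client_id -> per-client policy (REQ-REALM-003, REQ-CLIENT-003)
        "myapp":   {"allowed_realms": {"customers"}, "type": "public"},
        "backend": {"allowed_realms": {"customers", "partners"}, "type": "confidential"},
    },
}

def deny(description):
    """Build the access_denied body the gateway returns on a policy violation."""
    return {"error": "access_denied", "error_description": description}

def realm_from_path(path):
    """Extract <realm> from the Keycloak URL layout /realms/<realm>/..., else None."""
    parts = path.strip("/").split("/")
    if len(parts) < 2 or parts[0] != "realms":
        return None
    return parts[1]

def evaluate(url, policy=POLICY, has_client_secret=False):
    """Return None when the request may be forwarded, else the error body to send.

    has_client_secret models REQ-CLIENT-002: a request carrying a client secret is
    treated as coming from a confidential client (assumed detection rule).
    """
    parsed = urlsplit(url)
    realm = realm_from_path(parsed.path)
    client_id = parse_qs(parsed.query).get("client_id", [None])[0]
    # REQ-REALM-002: anything outside the realm whitelist is blocked first
    if realm not in policy["realm_whitelist"]:
        return deny(f"Realm '{realm}' is not in the whitelist")
    client = policy["clients"].get(client_id)
    if client is None:
        return deny(f"Client '{client_id}' is not in the whitelist")
    if realm not in client["allowed_realms"]:
        return deny(f"Client '{client_id}' is not allowed to use realm '{realm}'")
    observed_type = "confidential" if has_client_secret else "public"
    if observed_type != client["type"]:
        return deny(f"Client '{client_id}' is configured as {client['type']} "
                    f"but behaves as {observed_type}")
    return None

if __name__ == "__main__":
    # The request from test REALM-001 above: blocked by the realm whitelist
    print(evaluate("https://keycloak-alg:8443/realms/unknown-realm/protocol/"
                   "openid-connect/auth?response_type=code&client_id=myapp"))
```

The realm check runs before any client lookup, so a request for a non-whitelisted realm is rejected without revealing whether the client ID exists.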