I have installed Keycloak 26.2.5 and customized the Login, Admin, and Account Console pages.
My need:
I want to make the Account Console page the landing page for each user after they log in through the login page.
In the Account Console, when the user clicks on “Applications,” they should see a list of the applications they may have access to.
These applications will be created as clients (SAML, OIDC, etc.), and roles will be created and linked to these applications.
If the user is assigned to one of these roles, the corresponding application should appear on the landing page under “Applications.”
I have searched for days to find whether Keycloak offers this functionality, but I haven’t found anything.
Is this scenario possible with Keycloak or not?
Is there a complete guide for this?
For testing, I created an application, a role, and assigned the user to that role — but the application does not appear in the list of applications in the Account Console.
If you send the user to https://{keycloak-host}/realms/{realm}/account/, they will be prompted to log in, and then be sent to the account console. There they can click on “Applications” to be shown a list of apps.
There is no way to “assign” users to specific applications in Keycloak, as there are in other IAM systems, so that they will only see applications (“Clients” in Keycloak) that they are assigned to (either directly or by role/group). Keycloak assumes that it is the responsibility of the application to determine if the user is authorized to use it.
There is a way to restrict whether or not the user can go to that application using the keycloak-restrict-client-auth extension, but this will not affect what is shown in the “Applications” page in the account console.
Well, sad that Keycloak doesn’t have this.
Most other access management tools have it by default.
They have this concept of a landing page which, for every user, after login, shows the list of apps they can effectively access using groups and roles.
Let's say we have like 200 apps in our organisation; it's nonsense to list all of those to every user. We should present him only the set of apps he can access.
Well, can I maybe customise the Applications.ts file
by retrieving the viewable apps for the logged-in user, using roles or groups mapped to the client (app)?
I'm really surprised Keycloak doesn’t have this feature by default.
Thanks
No, not the theme (layout) but the Applications.tsx file that loads the list of applications.
I want to add the logic of displaying only the apps that the logged-in user can view and access.
But I have no idea where to start.
That should be a built-in feature because many users asked for it.
No, not the theme (layout) but the Applications.tsx
Apologies for the confusion. The Applications.tsx file is part of a component in Keycloak called the “account theme”. When you are customizing the account console, either for functionality or look and feel, you are building a custom theme. More documentation is available in the Server Developer Guide.
That should be a built-in feature because many users asked for it.
Thanks for repeating this over and over on a forum that can’t do anything about it. This is a community forum where the Keycloak maintainers are rarely present. I would recommend filing an issue or discussion on their GitHub if this issue is important to you.
Thanks for those links. I hadn’t seen the new guides.
IMO Keycloakify is still vastly superior for the login and account themes, as it is much easier to use, and ensures forward/backwards compatibility (unlike the Keycloak native themes!). However, like building any frontend thing in this age, you pick your poison.
Yes, thank you very much, all of you, for your hints.
This is how I’m thinking of doing it:
Modifying Applications.tsx like this:
get the list of client roles to which the current user belongs
and only display the clients (apps) related to those client roles.
I don't know if this is the approach or if I should use groups instead.
In fact I will use Active Directory groups to give access (viewability in console + effective access) to a given app.
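The filtering step proposed in the post above, as an added example (not code from the thread or from Keycloak's account console): it assumes the parsed access token carries the user's client roles under `resource_access`, and `AppEntry`, `RequiredRoles` and `visibleApps` are hypothetical names. It only decides what is listed; each application still has to enforce its own authorization, as noted earlier in the thread.

```typescript
// Subset of a decoded Keycloak access token: client roles are listed under
// resource_access[clientId].roles.
interface TokenPayload {
  resource_access?: Record<string, { roles?: string[] }>;
}

// Simplified stand-in (assumption) for one entry of the application list.
interface AppEntry {
  clientId: string;
  clientName?: string;
}

// Hypothetical convention: an optional role per client that must be held for
// the app to be listed. Without an entry, any client role is enough.
type RequiredRoles = Record<string, string>;

function visibleApps(
  apps: AppEntry[],
  token: TokenPayload,
  required: RequiredRoles = {},
): AppEntry[] {
  const access = token.resource_access ?? {};
  const own = (o: object, k: string) => Object.prototype.hasOwnProperty.call(o, k);
  return apps.filter((app) => {
    // Own-property checks so a clientId such as "constructor" cannot match
    // something inherited from Object.prototype.
    if (!own(access, app.clientId)) return false;
    const roles = access[app.clientId].roles ?? [];
    if (!own(required, app.clientId)) return roles.length > 0;
    return roles.indexOf(required[app.clientId]) !== -1;
  });
}

// Constructed sample data, not taken from a real realm.
const sampleToken: TokenPayload = {
  resource_access: {
    "hr-portal": { roles: ["employee"] },
    "wiki": { roles: [] },
    "billing": { roles: ["viewer"] },
  },
};
const sampleApps: AppEntry[] = [
  { clientId: "hr-portal", clientName: "HR Portal" },
  { clientId: "wiki" },
  { clientId: "billing" },
  { clientId: "crm" },
  { clientId: "constructor" },
];
```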
I didn’t write the guide, nor am I in any way involved. I just posted the link to the guide, as I know there is this guide. Additionally, I’ve never tested it.
If you feel there are errors, please open an issue at the Keycloak GitHub repository and describe what you experienced.