How to limit / target a client policy to be applied to only selected clients?

imrefazekas · January 13, 2026, 1:26pm

I have a realm definition:

"clientPolicies": {
		"policies": [
			{
				"name": "fapi-2-policy",
				"description": "FAPI 2.0 Security Policy for IKEA with DPoP",
				"enabled": true,
				"conditions": [
					{
						"condition": "client-roles",
						"configuration": {
							"is-negative-logic": false,
							"roles": ["FAPIV2"]
						}
					}
				],
				"profiles": ["fapi-2-dpop-security-profile"]
			}
		]
	}

And have 3 clients:


"clients": [

        {"clientId": "ikea-tpp" … },
        {"clientId": "gateway-exchanger" … },
        {"clientId": "internal-services" … },
]

How to set Keycloak to not apply fapi-2-policy to gateway-exchanger?

I tried to add roles configuration, but after having set it, did not matter if I added “FAPIV2“ as role to a given client or not…

Thanks.

Topic		Replies	Views
Client Display Based on Role	2	362	November 6, 2023
Role Policy configuration Configuring the server	10	78	December 12, 2025
Can a resource be protected via policy without client adapter? Getting advice oidc	6	1432	February 22, 2022
Client Permissions on Resources not reflecting on Clients Configuring the server authentication	0	534	January 7, 2023
Role Based Authentication With Multiple Client in one Realm Getting advice admin-rest , authentication , client-configuration , oidc , saml	0	180	May 3, 2024

How to limit / target a client policy to be applied to only selected clients?

Related topics