如何在Keycloak管理控制台中对客户端进行IP限制 [英] How to do IP restrictation for clients in keycloak admin console
问题描述
我在keycloak管理控制台中定义了一个客户端,以使用client_credentials流对其进行授权,以在我的应用程序中调用服务器到服务器api.一切都很好,我想对该客户端应用IP限制.
I defined a client in keycloak admin console to authorize it with client_credentials flow to call server-to-server api in my application. Everything is fine, i want to apply IP restriction for that client.
我在哪里可以在管理控制台中定义此限制?我没有在keycloak文档中找到这样的配置.
Where can i define this restriction in admin console? i didn't find such configuration in keycloak documentation.
推荐答案
没有开箱即用的此类设置,但是您可以尝试实现自定义客户端身份验证器.因此,例如,可以将允许的IP地址添加到客户端属性中,并且您的身份验证器实现将针对指定的IP地址挑战输入请求.参见服务器开发". "Keycloak"文档中的部分".您也可以参考keycloak github repo以获得实现示例和指南.从
There is no such settings out of the box, but you could try to implement custom client authenticator. So for example allowed IP Addr could be stored in client attributes, and your authenticator implementation will challenge incoming request against specified IP addr. See "Server Development" section in Keycloak documentation. Also you can refer to keycloak github repo for implementation examples and guides. Start from
