search

indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/
Other
99 stars 43 forks source link

How to disable dynamic clients ? #727

Closed chaen closed 2 months ago

chaen commented 3 months ago

Hi,

For the time being, tokens are only used for pilot submission, which is a very controlled environment. To make sure we stay in this very controlled situation, and until we have more experience, I would like to be able to disable entirely dynamic client registration. How can I do this ? Thanks a lot Chris

federicaagostini commented 3 months ago

Hi, it is possible to disable anonymous client registration at deployment level, by setting the following property

client-registration:
  allow-for: REGISTERED_USERS

or using the environment variable IAM_CLIENT_REGISTRATION_ALLOW_FOR=REGISTERED_USERS.

chaen commented 3 months ago

Thanks ! But my understanding of that option is that it does not prevent a lambda user from a VO to create a client. Is that correct ? What I would like to achieve is that only admins can create client.

federicaagostini commented 3 months ago

Ok, sorry it was not clear to me.

To limit client registration only for admins please set 

client-registration:
  allow-for: ADMINISTRATORS
chaen commented 3 months ago

Thanks a lot ! I try finding it in the doc but did not manage. Is it just not there or did I miss something ?

federicaagostini commented 3 months ago

You are right, it is not present. We are going to add it.

federicaagostini commented 1 week ago

PR https://github.com/indigo-iam/iam-website/pull/122