Client Registration
Last updated
Last updated
In Client Registration, within the Initial Access Tokens section, an initial access token can be utilized to generate new clients.
This token comes with customizable expiration settings and a limit on the number of clients that can be created.
On clicking on Create, you can see the below screen
This indicates the duration for which the Access Token should remain valid.
You can adjust the duration as needed using the arrow keys. Additionally, you can change the duration unit by selecting the preferred option from the dropdown menu.
This specifies the maximum number of clients that can be created using the token.
By default, it is set to 1, but you can modify this value according to your needs.
After making the adjustments, click on Save to confirm the changes.
If you don’t want to apply the changes and revert the changes done, click on Reset to discard the modifications.
Client Registration Policies allow for the enforcement of various configuration settings on clients during their creation or update.
These policies are used when the Client Registration Service is invoked by unauthenticated requests, which indicates that the request lacks an Initial Access Token or Bearer Token.
It denotes the name assigned to the policy when it is created.
It refers to the ID of the provider you wish to set up for this specific policy.
If you wish to create any additional policies for client registration, simply click on Add Provider and choose your preferred option from the dropdown menu.
After selecting an option from the dropdown menu, you'll be directed to the screen below.
For example, in this scenario, the max-clients option is selected.
This configuration imposes a cap on the quantity of clients allowed to be added to a realm.
Once this policy is set up, registering new clients will be prohibited if the number of clients in a realm reaches the specified maximum limit.
Here, Name indicates the policy's Display Name.
This is the option that you selected from the dropdown menu of Add Provider.
This setting enables you to establish the Maximum number of clients allowed per realm.
You have the flexibility to define this according to your specific needs.
Click on Save to implement these adjustments.
Upon saving this specific policy, it will be included in the list under Anonymous Access Policies.
Click on Reset to discard the changes done.
This encompasses the available actions that can be taken regarding existing client policies, such as Edit or Delete.
If you want to modify any specific attribute within a Client Policy, simply click on Edit.
When you click on Edit for a specific Client Policy, the subsequent screen will appear.
For Example - Upon clicking Edit for the Max Clients Limit policy, the following screen will be displayed.
This field cannot be edited.
It is generated automatically when you create a new Policy.
This field is mandatory and can be modified.
It pertains to the Display Name of the specific Client Policy.
This refers to the name of the Provider selected during the creation of the Client Policy.
This field cannot be edited.
You can modify this field.
It represents the maximum number of clients permitted to register with this realm.
If the number of clients reach the configured limit, new client registrations will be prohibited.
You have the flexibility to adjust this according to your needs.
Click on Save to implement these adjustments.
After making the changes, if you do not want to incorporate these changes, click on Reset to discard the modifications.
If you don’t need any policy or want to remove it, you can simply click on Delete to remove it.
The table below lists different providers and the services they offer.
allowed-client-templates
It allows to specify a whitelist of client scopes, which will be permitted in the representation of registered or updated clients.
client-disabled
The newly registered client will be disabled and it will require manual activation by the administrator.
scope
The newly registered client will not be allowed the full scope.
max-clients
New client registration will be prohibited if the number of existing clients in the realm equals the configured limit.
allowed-protocol-mappers
It enables the specification of a whitelist of protocol mapper types that will be permitted in the representation of registered or updated clients.
trusted-hosts
It allows to specify the hosts from which users can register and the redirect URIs that clients can utilize in their configuration.
consent-required
The newly registered client will always have the ConsentRequired switch enabled.
This refers to the Policies used when the Client Registration Service is invoked by an authenticated request, which indicates that the request includes either an Initial Access Token or a Bearer Token.
It denotes the Name assigned to the Policy when it is created.
It refers to the ID of the Provider you wish to set up for this specific Policy.
If you wish to create any additional policies for Client Registration, click on Add Provider and select your preferred option from the dropdown menu.
After choosing your preferred Provider option from the Add Provider dropdown menu, you will be directed to the screen below.
For example - if you select the allowed-client-templates option, you'll see the below screen.
This setting enables you to define a whitelist of client scopes that will be allowed for registered or updated clients.
It refers to the Display Name of the Policy.
This refers to the name of the Provider that you selected from the dropdown menu of Add Provider.
This section comprises the whitelist of Client Scopes allowed for use on a newly registered client.
If a client registration attempt includes client scopes which are not on the whitelist, it will be declined.
By default, the whitelist is either empty or consists solely of realm default client scopes, depending on the configuration of the Allow Default Scopes setting.
You can select the required options from the dropdown menu as per your requirements.
This toggle button controls whether newly registered clients are permitted to have client scopes specified in the realm's default client scopes or optional client scopes.
When enabled (toggled ON), newly registered clients can have these scopes.
Conversely, when disabled (toggled OFF), clients will not have these scopes.
Once you've entered the details, click on Save to successfully add the policy.
It will then appear in the list under Authenticated Access Policies.
If you decide not to add the Policy, click on Reset to discard the changes.
This includes the available actions that can be taken regarding existing Client Policies, such as Edit or Delete.
If you want to change any specific attribute within a Client Policy, simply click on Edit.
Upon selecting Edit for a particular Client Policy, the following screen will be displayed.
For example - If you click Edit for Allowed Client Scopes, the following screen will be displayed.
This field cannot be edited.
It is generated automatically when you create a new Policy.
This field is mandatory and can be modified.
It refers to the Display Name of the specific Client Policy.
You can tailor this according to your needs.
This indicates the name of the Provider that you selected (from the dropdown menu for Add Provider) during the creation of the Client Policy.
This field cannot be edited.
This section contains a whitelist of Client Scopes permitted for use when registering a new client.
If a registration attempt includes Client Scopes which are not on the whitelist, it will be rejected.
By default, the whitelist is either empty or contains only realm default client scopes, depending on the configuration of the Allow Default Scopes setting.
You can adjust the whitelist by adding or removing scopes from the dropdown menu according to your needs.
This toggle button determines if newly registered clients can possess client scopes outlined in the realm's default or optional client scopes.
When activated (toggled ON), newly registered clients can possess these scopes.
When deactivated (toggled OFF), clients will not have these scopes.
This field can be edited and can be turned ON or OFF as per your requirements.
After making the adjustments, simply click on Save to apply those changes.
If you prefer not to apply those modifications, click on Reset to discard the changes.
If you find that any existing policy is no longer needed, click on Delete to remove it.
