How to disable dynamic clients ?

[chaen]

Hi,

For the time being, tokens are only used for pilot submission, which is a very controlled environment. To make sure we stay in this very controlled situation, and until we have more experience, I would like to be able to disable entirely dynamic client registration.
How can I do this ?
Thanks a lot
Chris

[federicaagostini]

Hi, it is possible to disable anonymous client registration at deployment level, by setting the following property

client-registration:
  allow-for: REGISTERED_USERS

or using the environment variable IAM_CLIENT_REGISTRATION_ALLOW_FOR=REGISTERED_USERS.

[chaen]

Thanks ! But my understanding of that option is that it does not prevent a lambda user from a VO to create a client. Is that correct ?
What I would like to achieve is that only admins can create client.

[federicaagostini]

Ok, sorry it was not clear to me.

To limit client registration only for admins please set

client-registration:
  allow-for: ADMINISTRATORS 

[chaen]

Thanks a lot ! I try finding it in the doc but did not manage. Is it just not there or did I miss something ?

[federicaagostini]

You are right, it is not present. We are going to add it.

[federicaagostini]

PR indigo-iam/iam-website#122