I have a client in keycloak
for my awx(ansible tower) webpage.
I need only the users from one specific keycloak
group to be able to log in through this client.
How can I forbid all other users(except from one particular group) from using this keycloak
client?
On Keycloak admin console, go to Clients menu, select your client. On the client configuration page, set Authorization Enabled: On, click Save. A new Authorization tab should appear, go to it, then to the Policies tab underneath, click Create Policy and select Group-based policy. There, you can restrict access to specific groups, assuming you have defined your groups via the Groups menu already.
--EDIT 2019-11-08--
As mentioned in comments, Client Protocol must be set to openid-connect and Access Type must be set to confidential, in order to make the Authorization Enabled option visible.