<div dir="ltr">Hello all!<div><br></div><div>I&#39;m trying to follow the tutorial for the oAuth2 plugin [1] but I had some issues.</div><div>The authentication policy worked fine! After adding the second policy (Authorization) I get the following response error</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font face="monospace, monospace">HTTP/1.1 500 Internal Server Error</font></div></div><div><div><font face="monospace, monospace">Connection: keep-alive</font></div></div><div><div><font face="monospace, monospace">Content-Length: 238</font></div></div><div><div><font face="monospace, monospace">Content-Type: application/json</font></div></div><div><div><font face="monospace, monospace">Date: Tue, 25 Aug 2015 21:12:31 GMT</font></div></div><div><div><font face="monospace, monospace">Server: WildFly/8</font></div></div><div><div><font face="monospace, monospace">X-Policy-Failure-Code: 10010</font></div></div><div><div><font face="monospace, monospace">X-Policy-Failure-Message: No roles have been extracted during authentication.  Make sure the authorization policy comes *after* a compatible authentication policy in your configuration.</font></div></div><div><div><font face="monospace, monospace">X-Policy-Failure-Type: Other</font></div></div><div><div><font face="monospace, monospace">X-Powered-By: Undertow/1</font></div></div><div><div><font face="monospace, monospace"><br></font></div></div><div><div><font face="monospace, monospace">{</font></div></div><div><div><font face="monospace, monospace">    &quot;failureCode&quot;: 10010,</font></div></div><div><div><font face="monospace, monospace">    &quot;headers&quot;: {},</font></div></div><div><div><font face="monospace, monospace">    &quot;message&quot;: <b>&quot;No roles have been extracted during authentication.  
Make sure the authorization policy comes *after* a compatible authentication policy in your configuration.</b>&quot;,</font></div></div><div><div><font face="monospace, monospace">    &quot;responseCode&quot;: 0,</font></div></div><div><div><font face="monospace, monospace">    &quot;type&quot;: &quot;Other&quot;</font></div></div><div><div><font face="monospace, monospace">}</font></div></div></blockquote><div><br></div><div>but my JWT access_token appears to be right. I mean, I can see the roles in it. See my access_token decoded:</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div>{</div></div><div><div>  &quot;preferred_username&quot;: &quot;rincewind&quot;,</div></div><div><div>  &quot;name&quot;: &quot;&quot;,</div></div><div><div>  &quot;resource_access&quot;: {</div></div><div><div>    &quot;account&quot;: {</div></div><div><div>      &quot;roles&quot;: [</div></div><div><div>        &quot;manage-account&quot;,</div></div><div><div>        &quot;view-profile&quot;</div></div><div><div>      ]
</div></div><div><div>    }</div></div><div><div>  },</div></div><div><div>  &quot;<b>realm_access&quot;: {</b></div></div><div><div><b>    &quot;roles&quot;: [</b></div></div><div><div><b>      &quot;echomeister&quot;</b></div></div><div><div><b>    ]</b></div></div><div><div><b>  }</b>,</div></div><div><div>  &quot;allowed-origins&quot;: [],</div></div><div><div>  &quot;client_session&quot;: &quot;b25536e6-4331-46fd-afe1-b0adf766b533&quot;,</div></div><div><div>  &quot;session_state&quot;: &quot;213e75e1-bf8b-4f0c-808e-683fb3a4c1de&quot;,</div></div><div><div>  &quot;jti&quot;: &quot;43c59d9a-b659-4708-a1da-968ea23004d7&quot;,
</div></div><div><div>  &quot;exp&quot;: 1440536956,</div></div><div><div>  &quot;nbf&quot;: 0,</div></div><div><div>  &quot;iat&quot;: 1440536656,</div></div><div><div>  &quot;iss&quot;: &quot;<a href="http://127.0.0.1:8080/auth/realms/stottie">http://127.0.0.1:8080/auth/realms/stottie</a>&quot;,</div></div><div><div>  &quot;aud&quot;: &quot;apiman&quot;,</div></div><div><div>  &quot;sub&quot;: &quot;de4af322-85b2-4dbe-8d53-6a2ee29e4080&quot;,</div></div><div><div>  &quot;azp&quot;: &quot;apiman&quot;</div></div><div><div>}</div></div></blockquote><div><br></div><div>As you can see, the &quot;<b>echomeister</b>&quot; realm_role is there...</div><div><br></div><div>What does this response message mean?</div><div><br></div><div>[1] <a href="http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html">http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html</a><br clear="all"><div><div class="gmail_signature">________________________<br>Rafael Torres Coelho Soares<br></div></div>
</div></div>
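The failure in the message above comes from the gateway's authorization step finding no roles in the request context, even though the decoded token clearly carries realm roles. The following is an added, self-contained Python example (it is not apiman or Keycloak code and does not reproduce their internals) that shows where the roles live in a Keycloak-style token and why an authorization check that runs without a preceding role-extracting authentication step fails closed. It builds a constructed, unsigned token whose payload copies the claim layout of the one shown above, decodes the payload segment, extracts roles from `realm_access.roles` and optionally from `resource_access.<client>.roles`, and then runs a deliberately simple authorization check that mirrors the observed behaviour: no extracted roles yields the failure code 10010 seen in the response. The `alg: none` token is used only so the example runs offline; a real gateway must verify the signature before trusting any claim.

```python
import base64
import json
from typing import Dict, List, Optional

# Constructed sample payload: same claim names as the token quoted in the
# message above, illustrative values. Only the role-bearing claims matter here.
SAMPLE_PAYLOAD: Dict = {
    "preferred_username": "rincewind",
    "resource_access": {"account": {"roles": ["manage-account", "view-profile"]}},
    "realm_access": {"roles": ["echomeister"]},
    "aud": "apiman",
    "azp": "apiman",
}

# Failure code taken from the gateway response quoted above.
FAILURE_NO_ROLES = 10010


def b64url_encode(data: bytes) -> str:
    """JWT segments use base64url without '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the dropped padding before decoding a JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_unsigned_jwt(payload: Dict) -> str:
    """Assemble an alg=none token for offline inspection only (assumption:
    no signature check is performed in this demo; real code must verify)."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        b64url_encode(json.dumps(header).encode("utf-8")),
        b64url_encode(json.dumps(payload).encode("utf-8")),
        "",  # empty signature segment
    ])


def decode_payload(token: str) -> Dict:
    """Return the claims from the middle segment of a compact JWS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment compact JWT")
    return json.loads(b64url_decode(parts[1]))


def extract_roles(payload: Dict, client_id: Optional[str] = None) -> List[str]:
    """Collect realm roles, plus the client roles for client_id if given.
    This is the step an authentication policy performs; the result is what
    a later authorization policy consumes."""
    roles = list(payload.get("realm_access", {}).get("roles", []))
    if client_id is not None:
        client = payload.get("resource_access", {}).get(client_id, {})
        roles.extend(client.get("roles", []))
    return roles


def authorize(extracted_roles: List[str], required_role: str) -> Dict:
    """Fail closed: with no extracted roles the check cannot succeed and
    reports the same failure code the gateway returned above."""
    if not extracted_roles:
        return {"allowed": False, "failureCode": FAILURE_NO_ROLES}
    return {"allowed": required_role in extracted_roles, "failureCode": 0}


def run_chain(token: str, required_role: str, authenticate_first: bool) -> Dict:
    """Simulate policy ordering: roles are only present in the request
    context if the authentication step ran before authorization."""
    context_roles: List[str] = []
    if authenticate_first:
        context_roles = extract_roles(decode_payload(token))
    return authorize(context_roles, required_role)


if __name__ == "__main__":
    token = build_unsigned_jwt(SAMPLE_PAYLOAD)
    print("realm roles:", extract_roles(decode_payload(token)))
    print("realm + account client roles:", extract_roles(decode_payload(token), "account"))
    print("auth then authz:", run_chain(token, "echomeister", authenticate_first=True))
    print("authz without auth:", run_chain(token, "echomeister", authenticate_first=False))
```

Running it shows that the token itself is fine: `echomeister` is found under `realm_access.roles`, and the client roles under `resource_access.account.roles` are only picked up when the extractor is asked for that client. The 10010-style failure appears only when the authorization check runs with an empty role set, which is what happens when nothing upstream populated it.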