[keycloak-user] Problem switching to application-level roles

Orestis Tsakiridis orestis.tsakiridis at telestax.com
Wed Aug 26 04:41:34 EDT 2015


False alarm!

Application level roles work. I was probably missing something.

The problem was due to bad configuration (I'm using a dynamic resolver)
that prevented the "use-resource-role-mapping" property from taking effect.



On Mon, Aug 24, 2015 at 4:01 PM, Orestis Tsakiridis <
orestis.tsakiridis at telestax.com> wrote:

> Hi,
>
> I'm trying to switch from realm-level to application-level roles with no
> success. To isolate the issue I decided to try on the example customer-app
> and database-service applications and see how it goes. No luck again.
>
> Here is what I do that fails:
>
> 1. I'm using Keycloak 1.2.0.Final
> 2. I've added "use-resource-role-mappings"->true to the keycloak json of both
> customer-app and database-service app.
> 3. I edited the 'customer-portal' and 'database-service' clients and added a
> 'user' application-level role.
> 4. I edited the bburke at redhat.com user. Removed the realm-level 'user' role
> and added 'user' application-level roles for the customer-portal and
> database-service clients.
>
> After I log in and try to see the customers listing I get a 'Forbidden'
> response. If I add the 'user' realm-level role to bburke at redhat.com
> everything works normally, as if use-resource-role-mapping was ignored.
>
> Any ideas?
>
> Is there any additional action I should perform?
>
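The behaviour described in this thread, as an added sketch that is not part of the original message and is not Keycloak's adapter code: with "use-resource-role-mappings" in effect the role check reads the token's resource_access entry for the client, otherwise it reads realm_access. The realm name, user name, token claims and the diagnose() helper are constructed for illustration.

```python
import json

# Constructed adapter config, shaped like the keycloak json from step 2.
INTENDED_CONFIG = json.loads("""
{
  "realm": "example-realm",
  "resource": "customer-portal",
  "use-resource-role-mappings": true
}
""")

# Constructed access-token claims for a user after step 4:
# no realm-level 'user' role, only client-level ones.
TOKEN_CLAIMS = {
    "preferred_username": "example-user",
    "realm_access": {"roles": []},
    "resource_access": {
        "customer-portal": {"roles": ["user"]},
        "database-service": {"roles": ["user"]},
    },
}

def effective_roles(claims, config):
    """Roles that are checked, depending on use-resource-role-mappings."""
    if config.get("use-resource-role-mappings", False):
        client = config.get("resource")
        access = claims.get("resource_access", {}).get(client, {})
    else:
        access = claims.get("realm_access", {})
    return set(access.get("roles", []))

def is_allowed(claims, config, required_role):
    return required_role in effective_roles(claims, config)

def diagnose(claims, intended, loaded, required_role):
    """Compare the config that was edited with the one actually loaded
    (hypothetical helper; e.g. a custom resolver may build a different one)."""
    want = is_allowed(claims, intended, required_role)
    got = is_allowed(claims, loaded, required_role)
    if want and not got:
        return "config-not-applied"   # 403 although the role mapping is correct
    return "allowed" if got else "role-missing"

if __name__ == "__main__":
    loaded = {k: v for k, v in INTENDED_CONFIG.items()
              if k != "use-resource-role-mappings"}  # flag never reached the adapter
    print(diagnose(TOKEN_CLAIMS, INTENDED_CONFIG, loaded, "user"))
```
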