[keycloak-user] Application and Realm Roles

Edem Morny emorny at gmail.com
Tue Jun 16 09:58:14 EDT 2015


I've created a realm, and a default role in that realm called "user". I
then created a client and added an application role to the client. I've
set "use-resource-role-mappings" to true in the keycloak.json file
inside my war file.

I attempt to access a path that is protected by the role "user", and log
in with an account that has both the realm role "user" and the
application role "mdc-staff", and I'm redirected to my 403 page, meaning
the "user" role didn't seem to be available to the user. When I attempt
to access a path protected by the "mdc-staff" role, I don't get a 403,
meaning that the application-specific role is available.

Is there something I need to do to make both realm and application
level roles available to the user when I log in? This is very key for us
to implement SSO for different clients secured by the same realm. I
thought "Full Scopes Allowed" was not enabled, but it was, and things
still don't work as expected.
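
Added example, not part of the original post and not Keycloak's adapter code: a small model of how "use-resource-role-mappings" selects which token claim the adapter checks, which reproduces the 403 on "user" and the pass on "mdc-staff" described above. The claim names `realm_access` and `resource_access` follow Keycloak's access token layout; the realm name "demo", the client id "my-client", the paths and the token itself are constructed for illustration.

```python
import base64
import json


def b64url(obj):
    """Encode a dict as one unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def decode_claims(jwt):
    """Read the payload of a compact JWT for inspection (no signature check)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def adapter_roles(claims, config):
    """Roles the adapter checks constraints against for this token."""
    if config.get("use-resource-role-mappings", False):
        # Client (application) roles only: resource_access[<resource>].roles
        access = claims.get("resource_access", {}).get(config["resource"], {})
    else:
        # Realm roles only: realm_access.roles
        access = claims.get("realm_access", {})
    return set(access.get("roles", []))


def evaluate(jwt, config, constraints):
    """Map each protected path to 'allow' or '403' for the given token."""
    roles = adapter_roles(decode_claims(jwt), config)
    return {p: "allow" if r in roles else "403" for p, r in constraints.items()}


# Constructed sample data. "demo", "my-client" and the paths are hypothetical.
CLAIMS = {
    "realm_access": {"roles": ["user"]},
    "resource_access": {"my-client": {"roles": ["mdc-staff"]}},
}
TOKEN = ".".join([b64url({"alg": "RS256"}), b64url(CLAIMS), "constructed-signature"])
CONSTRAINTS = {"/app/*": "user", "/staff/*": "mdc-staff"}
CONFIG = {"realm": "demo", "resource": "my-client", "use-resource-role-mappings": True}

if __name__ == "__main__":
    print("flag true: ", evaluate(TOKEN, CONFIG, CONSTRAINTS))
    flag_off = {**CONFIG, "use-resource-role-mappings": False}
    print("flag false:", evaluate(TOKEN, flag_off, CONSTRAINTS))
```

In this model a constraint on "user" passes with the flag set to true only when the token carries "user" under `resource_access` for that client.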

