[keycloak-user] Struggling with roles via groups

Marek Posolda mposolda at redhat.com
Mon Sep 12 22:55:23 EDT 2016


You're right, the group roles are not picked correctly by admin REST at 
this moment.

AFAIK This is going to be fixed soon in Keycloak master and will be in 
Keycloak 2.3. The admin REST will always rely on the roles from the 
token, which includes transitive role memberships retrieved via groups too.

Marek

On 12/09/16 17:23, Niko Köbler wrote:
> Sorry, forgot the version...
> I’m using 2.1.0.Final
>
>> Am 12.09.2016 um 17:03 schrieb Niko Köbler <niko at n-k.de>:
>>
>> Hi,
>>
>> currently I’m struggling a bit with roles assigned directly to a user and indirectly via a group the user belongs to.
>> This is my scenario:
>>
>> Role „admin“, which is a composite role and has from client „realm-management“ the roles „impersonation, manage-users, view-users“ assigned.
>> Group „admins“, which the role „admin“ is assigned to.
>>
>> If I assign the „admin" role to a user in „myRealm“, the user is able to get a list of all users via HTTP REST call „/auth/admin/realms/myRealm/users“
>> If I now remove this role from the user and let it join the group „admins“, the user should have also the „impersonation, manage-users, view-users“ client roles - as far as I understand it correctly. The decoded access token also contains all the roles. But when the user now is calling the above mentioned HTTP REST call, a 403 Forbidden response is returned.
>>
>> What am I missing?
>> Am I doing something wrong?
>> Or is Keycloak not evaluating the roles correctly?
>>
>> Any help is appreciated!
>>
>> regards,
>> - Niko
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list