[keycloak-user] Policies seem to go corrupt, version 2.5.0

Pedro Igor Silva psilva at redhat.com
Tue Jan 24 08:21:33 EST 2017 

I see. I'm going to check what is happening. Can't understand why it works
after re-creating the policies.

So, you were using which version before migrating to 2.5.0 ? Did you also
try a build from upstream ?

On Tue, Jan 24, 2017 at 11:04 AM, Ushanas Shastri <ushanas at gmail.com> wrote:

> Hello Pedro,
>
> Policies created by us stop working.  For example,  without any change the
> Evaluation API shows Deny,  and we can't investigate why,  as the  policy
> results in Resource not found.
>
> Interestingly,  while the Evaluation API  in the administration console
> says denied,  the protected application gets a permit when using the
> Authorization API.
>
> We then recreate the policies,  permissions and all is good again.
>
> Regards, Ushanas.
>
>
> On 24-Jan-2017 5:05 PM, "Pedro Igor Silva" <psilva at redhat.com> wrote:
>
> HI Ushanas, recently we made a specific change to update policies types
> from "drools" to "rules". But that was in 2.5.1, so I think it is not case.
>
> Can you elaborate more what are those random instances of policies ? Are
> they being created somehow but not by you ?
>
> Regarding the resource not found, I think I have fixed this with this PR
> https://github.com/keycloak/keycloak/pull/3766/. It should be available
> on 2.5.1.
>
> Thanks.
>
> On Tue, Jan 24, 2017 at 12:51 AM, Ushanas Shastri <ushanas at gmail.com>
> wrote:
>
>> Hello,
>>
>> I've created scope based permissions tied to role based policies.  Any new
>> permission or policy we create,  all looks right, but we find random
>> instances of policies that deny authorization,  and when we want to
>> investigate,  we can't even see the details of the policy.  It shows up in
>> the list,  but clicking on it takes us to a resource nor found page.
>> Any ideas on what may be happening here?
>>
>> Regards, Ushanas.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>

More information about the keycloak-user mailing list