[keycloak-user] Policies seem to go corrupt, version 2.5.0

Ushanas Shastri ushanas at gmail.com
Tue Jan 24 08:43:14 EST 2017 

Hello,

We didn't migrate,  we did a fresh install.  I'm checking if we copied
standalone.xml from an older  version,  but I doubt it.

Haven't yet taken the upstream version. We've had difficulties making a
build,  and are looking into it.

Thank you,
Regards, Ushanas.



On 24-Jan-2017 6:51 PM, "Pedro Igor Silva" <psilva at redhat.com> wrote:

> I see. I'm going to check what is happening. Can't understand why it works
> after re-creating the policies.
>
> So, you were using which version before migrating to 2.5.0 ? Did you also
> try a build from upstream ?
>
> On Tue, Jan 24, 2017 at 11:04 AM, Ushanas Shastri <ushanas at gmail.com>
> wrote:
>
>> Hello Pedro,
>>
>> Policies created by us stop working.  For example,  without any change
>> the Evaluation API shows Deny,  and we can't investigate why,  as the
>>  policy results in Resource not found.
>>
>> Interestingly,  while the Evaluation API  in the administration console
>> says denied,  the protected application gets a permit when using the
>> Authorization API.
>>
>> We then recreate the policies,  permissions and all is good again.
>>
>> Regards, Ushanas.
>>
>>
>> On 24-Jan-2017 5:05 PM, "Pedro Igor Silva" <psilva at redhat.com> wrote:
>>
>> HI Ushanas, recently we made a specific change to update policies types
>> from "drools" to "rules". But that was in 2.5.1, so I think it is not case.
>>
>> Can you elaborate more what are those random instances of policies ? Are
>> they being created somehow but not by you ?
>>
>> Regarding the resource not found, I think I have fixed this with this PR
>> https://github.com/keycloak/keycloak/pull/3766/. It should be available
>> on 2.5.1.
>>
>> Thanks.
>>
>> On Tue, Jan 24, 2017 at 12:51 AM, Ushanas Shastri <ushanas at gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I've created scope based permissions tied to role based policies.  Any
>>> new
>>> permission or policy we create,  all looks right, but we find random
>>> instances of policies that deny authorization,  and when we want to
>>> investigate,  we can't even see the details of the policy.  It shows up
>>> in
>>> the list,  but clicking on it takes us to a resource nor found page.
>>> Any ideas on what may be happening here?
>>>
>>> Regards, Ushanas.
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>>
>

More information about the keycloak-user mailing list