[keycloak-user] Authorization Evaluation tool and how to merge PR in lower branch
Teodor Haret
haret.spiru.teodor at gmail.com
Wed May 10 07:36:40 EDT 2017
Hello !
First of all, congratulations on a nice product and keep up the good work !
We are using KC v2.5.5.Final and we encountered an issue with Evaluation
tool on RBAC, which seems to have been already fixed in latest version - I
tested on master branch. At a first look, the issue seems to have been
already fixed under KEYCLOAK-4652.
Our issue in few details is:
- if we evaluate against a user which was granted a given realm role
(ROLE1) directly, the result is 'Permit'; this is expected behavior.
- if we evaluate against another user which inherits the same realm role
(ROLE1) indirectly - due to belonging to a group, the evaluation result is
'Deny'.
I would need your advise on:
- supposing 'KEYCLOAK-4652' is the one that fixes also my issue, what would
the procedure to ask for this fix to be merged down to 2.5.5.Final as well ?
- generically speaking, is there any scenario where I should open a
separate issue on 2.5.5.Final ( eg. cases where fix from 'KEYCLOAK-4652' is
generic/complex and we want only a sub-part of it, etc) ?
Thank you,
Teo
More information about the keycloak-user
mailing list