[keycloak-user] Realm roles

Jeff Larsen jlar310 at gmail.com
Tue Oct 24 22:24:48 EDT 2017


We are trying to use Keycloak auth on a Spring Boot app as demonstrated on
this page:

https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-applications-with-keycloak/

Everything works fine as long as I use client roles. However, our user base
is in Active Directory. We have successfully created a role mapper for the
realm to convert AD groups to realm roles. However, we can't get the above
example to work with realm roles. We intend to use the realm roles across
several clients so we don't want to map them to each client config
individually.

This documentation:

http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/java/java-adapter-config.html

claims that the property use-resource-role-mappings controls whether client
or realm roles are used. However, whether that property is set to true or
false, we are only seeing client resource roles work in the demo app.

We are using Keycloak 3.2.1.Final and setting the property in Spring as
keycloak.use-client-role-mappings = false. I'm especially frustrated
because the docs say it defaults to realm roles if the property is not
present and we're not seeing that behavior either.

Are we doing something wrong? What are we missing? Maybe a bug?

Thanks,

Jeff
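
A way to check where the roles actually land in the access token, added here as an example; it is not part of the original message and is not Keycloak's own code. Keycloak access tokens carry realm roles under `realm_access.roles` and client roles under `resource_access.<client-id>.roles`; the selection in `effective_roles` models the documented behaviour of use-resource-role-mappings, and the client id `product-app`, the role names and the sample token are constructed.

```python
import base64
import json


def decode_claims(jwt):
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def effective_roles(claims, client_id, use_resource_role_mappings):
    """Model of the documented switch (an assumption of this example):
    True -> roles of this client only, False -> realm roles."""
    if use_resource_role_mappings:
        client = claims.get("resource_access", {}).get(client_id, {})
        return set(client.get("roles", []))
    return set(claims.get("realm_access", {}).get("roles", []))


def diagnose(claims, client_id, required_role):
    """Report under which setting required_role would be granted."""
    return {
        "client_mode": required_role in effective_roles(claims, client_id, True),
        "realm_mode": required_role in effective_roles(claims, client_id, False),
    }


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."


# Constructed sample: one realm role (as an AD group mapper would produce)
# and one client role on the hypothetical client "product-app".
SAMPLE_TOKEN = make_sample_token({
    "preferred_username": "alice",
    "realm_access": {"roles": ["ad-finance"]},
    "resource_access": {"product-app": {"roles": ["user"]}},
})

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    for role in ("ad-finance", "user"):
        print(role, diagnose(claims, "product-app", role))
```

Running the same functions on a real token from the realm shows whether the mapped AD roles are present under `realm_access` at all, which separates a token-content problem from an adapter-configuration problem.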

