[keycloak-user] Realm roles

Bruno Oliveira bruno at abstractj.org
Tue Oct 24 22:57:11 EDT 2017


Hi Jeff, out of curiosity, have you tried the quickstarts
https://github.com/keycloak/keycloak-quickstarts/tree/master ?

On Wed, Oct 25, 2017 at 12:24 AM Jeff Larsen <jlar310 at gmail.com> wrote:

> We are trying to use keycloak auth on a Spring Boot app as demonstrated on
> this page:
>
> https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-applications-with-keycloak/
>
> Everything works fine as long as I use client roles. However, our user base
> is in Active Directory. We have successfully created a role mapper for the
> realm to convert AD groups to realm roles. However, we can't get the above
> example to work with realm roles. We intend to use the realm roles across
> several clients so we don't want to map them to each client config
> individually.
>
> This documentation:
>
> http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/java/java-adapter-config.html
>
> claims that the property use-resource-role-mappings controls whether client
> or realm roles are used. However, whether that property is set to true or
> false we are only seeing client resource roles work in the demo app.
>
> We are using Keycloak 3.2.1.Final and setting the property in Spring as
> keycloak.use-client-role-mappings = false. I'm especially frustrated
> because the docs say it defaults to realm roles if the property is not
> present and we're not seeing that behavior either.
>
> Are we doing something wrong? What are we missing? Maybe a bug?
>
> Thanks,
>
> Jeff
>
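
An added example, not part of the thread and not Keycloak project code: a Python check that decodes an access token's payload and reports which role set an application would see under each value of use-resource-role-mappings, which helps tell a token that lacks realm roles apart from an adapter setting that is not being applied. It assumes the usual Keycloak claim layout (realm_access.roles and resource_access.<client>.roles); the token, the client name demo-app and the role names are constructed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(jwt: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def effective_roles(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    """Model of the documented behaviour: client roles when the flag is true,
    realm roles when it is false. A missing claim yields an empty set."""
    if use_resource_role_mappings:
        access = claims.get("resource_access", {}).get(resource, {})
    else:
        access = claims.get("realm_access", {})
    return set(access.get("roles", []))


def make_sample_token(claims: dict) -> str:
    # Constructed sample with a placeholder signature; never accept such a token.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed claims: one realm role mapped from an AD group, one client role.
SAMPLE_CLAIMS = {
    "preferred_username": "jdoe",
    "realm_access": {"roles": ["ad-finance"]},
    "resource_access": {"demo-app": {"roles": ["user"]}},
}
SAMPLE_TOKEN = make_sample_token(SAMPLE_CLAIMS)

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    for flag in (True, False):
        roles = sorted(effective_roles(claims, "demo-app", flag))
        print(f"use-resource-role-mappings={flag}: {roles}")
```

If the realm roles are absent from realm_access in a real token, the problem lies in what the server puts in the token rather than in the adapter property.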

