[keycloak-user] RPT can not be issued to resource owner
stefan.wachter
stefan.wachter at bosch-si.com
Wed Jul 18 08:53:52 EDT 2018
Agree. However, if a resource owner does not have enough grants by
default then the approval mechanism should kick in. This is at least
what the response error "request_submitted" indicates.
Best regards,
Stefan Wachter
INST-ICM/BSV-BS
Tel. +49(711)811-58477
On 18.07.2018 at 14:11, Pedro Igor Silva wrote:
> The owner of a resource does not necessarily grant access to the
> resource. So, yeah, you need some policy to actually define who can
> access (the owner) the resource. I'm not sure if it makes sense for
> owners to approve requests to access their resources though.
>
> On Wed, Jul 18, 2018 at 6:30 AM, stefan.wachter
> <stefan.wachter at bosch-si.com> wrote:
>
> > As a work-around I added a policy that authorizes resource owners:
> >
> >     if ($evaluation.getContext().getIdentity().getId() ==
> >         $evaluation.getPermission().getResource().getOwner())
> >       $evaluation.grant()
> >
> > and a permission that uses that policy.
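An offline check of the work-around policy quoted in the thread, added here as an example; it is not part of the original messages and not Keycloak's code. `mockEvaluation`, `strictOwnerPolicy`, `decide` and the sample ids are hypothetical, and the mock models only the method chain the policy calls. It also shows that the loose `==` grants when both ids are missing, which the strict variant refuses.

```javascript
// Mock evaluation object (assumption): models only the calls used by the
// policy in the thread. It is not Keycloak's implementation.
function mockEvaluation(identityId, resourceOwner) {
  const state = { granted: false };
  return {
    state,
    getContext: () => ({ getIdentity: () => ({ getId: () => identityId }) }),
    getPermission: () => ({ getResource: () => ({ getOwner: () => resourceOwner }) }),
    grant: () => { state.granted = true; },
  };
}

// The work-around from the thread, same logic.
function ownerPolicy($evaluation) {
  if ($evaluation.getContext().getIdentity().getId() ==
      $evaluation.getPermission().getResource().getOwner())
    $evaluation.grant();
}

// Hypothetical hardened variant: refuse missing ids, compare as strings.
function strictOwnerPolicy($evaluation) {
  const id = $evaluation.getContext().getIdentity().getId();
  const owner = $evaluation.getPermission().getResource().getOwner();
  if (id != null && owner != null && String(id) === String(owner)) {
    $evaluation.grant();
  }
}

// Run one policy against one identity/owner pair; true means "granted".
function decide(policy, identityId, resourceOwner) {
  const ev = mockEvaluation(identityId, resourceOwner);
  policy(ev);
  return ev.state.granted;
}

// Constructed sample ids, not taken from any real realm.
const ALICE = 'constructed-id-alice';
const BOB = 'constructed-id-bob';

const cases = [
  ['owner requests own resource', ALICE, ALICE],
  ['other user requests resource', BOB, ALICE],
  ['both ids missing', null, undefined],
];
for (const [label, id, owner] of cases) {
  console.log(label, '| loose:', decide(ownerPolicy, id, owner),
              '| strict:', decide(strictOwnerPolicy, id, owner));
}
```

A policy that does not call `grant()` leaves the decision to the other permissions; in this mock that shows up as `false`.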