[keycloak-user] shared UMA 2.0 resource & scope based policies
Marek Lindner
mareklindner at neomailbox.ch
Tue Jan 15 21:19:31 EST 2019
On Wednesday, 16 January 2019 00:54:43 HKT Lamina, Marco wrote:
> I've had a similar problem, it might be related to this:
>
> https://issues.jboss.org/browse/KEYCLOAK-9093
It may be related but I am not 100% sure yet.
What do your policies & permissions look like ? If you compare your evaluation
screenshot and mine you can see that my keycloak has a policy installed which
forbids non-owners to access the resource. That DENY policy is overruled due
to some unrelated scope.
In your case there seems to be no DENY at all. Could be you have an 'allow
everybody' policy in place. Keycloak comes with such default policies you may
want to look into.
Cheers,
Marek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190116/0ec0fd1a/attachment.bin
More information about the keycloak-user
mailing list