[keycloak-user] shared UMA 2.0 resource & scope based policies

Pedro Igor Silva psilva at redhat.com
Wed Jan 16 06:25:24 EST 2019


Hi Marek,

Which version of Keycloak are you using?

I tried to reproduce the problem using upstream and the evaluation tool
looks correct by reporting only album:view. The same goes if obtaining an
RPT from the token endpoint.

On Wed, Jan 16, 2019 at 12:21 AM Marek Lindner <mareklindner at neomailbox.ch>
wrote:

> On Wednesday, 16 January 2019 00:54:43 HKT Lamina, Marco wrote:
> > I've had a similar problem, it might be related to this:
> >
> > https://issues.jboss.org/browse/KEYCLOAK-9093
>
> It may be related but I am not 100% sure yet.
>
> What do your policies & permissions look like? If you compare your
> evaluation screenshot and mine you can see that my keycloak has a policy
> installed which forbids non-owners to access the resource. That DENY policy
> is overruled due to some unrelated scope.
>
> In your case there seems to be no DENY at all. Could be you have an 'allow
> everybody' policy in place. Keycloak comes with such default policies you
> may want to look into.
>
> Cheers,
> Marek